1. 技术文章
  2. I want to retrieve the data that is generated by the user but getting permission denied error in Firebase

I want to retrieve the data that is generated by the user but getting permission denied error in Firebase

﹥>﹥吖頭↗ 提交于 2019-12-11 18:51:53

问题


Rule written for dummyOrders:

"rules": {
    "dummyOrders":{
      "$dummyid":{
        ".write": "auth!=null && $dummyid.contains(auth.uid)",
        ".read": "auth!=null && $dummyid.contains(auth.uid)"
      }
    }

Structure of dummy orders:

-LLKkP5GLMkMqy-OvFsY|3wvZGffGY5gUSKlFzhLw7hwXLEi1
    cemail: "nateshmbhat1@gmail.com"
    cid: "NKGiiChIqCdUcithC48mtuWkaAt1"
    cname: "Natesh Bhat"
    date: "2018-09-01T15:31:25.060Z"
    file_names: "JavaEvaluation.doc,"
    message: "Sample testing. "
    oid: "Order 230"
    status: "requested"
    xid: "ybfXhEkmCNbOuAN0XJYE8b84ix93"
    xshopName: "SIT Campus Xerox"

When I run the simulator in Firebase it is not giving any error.

I am trying to retrieve the data from dummyOrders and the rule which I have written above.

I am trying to access the data using below code : 

var orderRef = firebase.database().ref('dummyOrders').orderByChild('cid').equalTo(user.uid);

I am getting firebase permission denied error. I am new to firebase and hence I need some help to understand how to retrieve the data which I am trying to access.

The dummyorder id is :

-LLKkP5GLMkMqy-OvFsY|3wvZGffGY5gUSKlFzhLw7hwXLEi1

The UID from which the data came 3wvZGffGY5gUSKlFzhLw7hwXLEi1 and I need to display that data in his profile.

-LLKkP5GLMkMqy-OvFsY Is the of some shop to which I need to display this order too.

So for dummyOrder I have given the id as

shopid|userid

Please let me know what is the mistake I am doing here. I am not able to understand why I am getting the permission denied error and how to resolve it.

Thanks for your help.


回答1:


The first thing to note is that Firebase rules are not filters. So when you try to get data from firebase.database().ref('dummyOrders') it will check if the user has permission at that location. Because you have no rule for that location Firebase will use the default, which is false.

There are two possible solutions to this problem. The first is making sure you read/write from the location you have specified in the rules, in this case firebase.database().ref('dummyOrders').child($dummyid). But since you are using compounded keys and you probably only know the user ID i doubt this will be the right solution for you.

The second option is using Query-based security rules. With this you can specify what query is allowed. For your code in the question you will get rules that look like this.

"rules": {
  "dummyOrders":{
    ".read": "query.orderByChild == 'cid' &&
        query.equalTo == auth.uid" // restrict basket access to owner of dummyOrders

    "$dummyid":{
      ".write": "auth!=null && $dummyid.contains(auth.uid)",
      ".read": "auth!=null && $dummyid.contains(auth.uid)"
    }
  }
}

Remember that for query-based rules to work the query has to match the rule.



来源:https://stackoverflow.com/questions/52151580/i-want-to-retrieve-the-data-that-is-generated-by-the-user-but-getting-permission

标签
firebase
firebase-realtime-database
firebase-authentication
firebase-security
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!