问题
Here i am calling this function with phone number after he complete his verification an this function is adding his number using custom claim to satisfy this filebase database security rule
{
"rules": {
"Users": {
//".read": true,
//".write": "auth.token.phone == newData.val()",
//".read": "auth.uid != null",
//".write": "newData.child('Personal Details').child('phone').val() === auth.token.phone"
"$userNumber": {
"Personal Details": {
".read": "auth.uid != null",
".write": "auth.token.phone == $userNumber"
},
"Notifications": {
".read": "auth.token.phone === $userNumber",
".write": "auth.uid != null"
},
}
Refreshing token after this function call
FirebaseAuth.getInstance().getCurrentUser().getIdToken(true).addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
@Override
public void onComplete(@NonNull Task<GetTokenResult> task) {
Log.d("firebaseFunctionCall", "onComplete: token refreshed");
checkUser();
}
}).addOnFailureListener(new OnFailureListener() {
@Override
public void onFailure(@NonNull Exception e) {
loadingBar.dismiss();
Log.d("firebaseFunctionCall", "onFailure: failed to refresh error: "+e.getMessage());
}
});
here i am doing when a user is verified his number then his phone number is also added to the database
But i am getting Database Permission denied error.
userRef = FirebaseDatabase.getInstance().getReference().child("Users");
If any further details need please ask me . but please help me with this problem.
回答1:
Your query is attempting to get the entire contents of the Users node, but your security rules don't allow that. The rules will not filter out the nodes that the user may not access (please read and understand that link). You will need to fetch only the part of the database that the user has been granted access by the rules. This means your rules allow access to only "Users/number/Personal Details" and "Users/number/Notifications", and nothing else.
来源:https://stackoverflow.com/questions/58447913/firebase-permission-denied