问题
Hello guys I'm new to Firebase and I am trying to develop a simple chat app. So far I have got the authentication done following the steps on the Firebase documentation.
This is my login method
loginUser: function(){
console.log("Login button");
var self = this;
ref.authWithOAuthPopup("github", function(error, authData) {
if (error) { console.log("Login Failed!", error);}
else {
console.log(authData);
ref.child("users").child(authData.uid).set({
auth : authData.auth,
provider : authData.provider,
name : authData.github.displayName,
imgUrl : authData.github.profileImageURL,
token: authData.token
});
self.user.name = authData.github.displayName;
self.user.imgUrl = authData.github.profileImageURL;
self.user.provider = authData.provider;
setTimeout(function(){ self.authenticated = true; }, 2000);
this.getContacts();
}
},{
remember : "sessionOnly",
scope: "user"
});
}
and this is the getContacts method (I tried to console the snapshot but I got nothing)
getContacts: function(){
console.log('GET CONTACTS');
var self = this;
//retrieving all the user, but for somehow this request doesn't execute
ref.child('users').once('value',function(snapshot){
var contacts = snapshot.val();
console.log(contacts);
for(var contact in contacts){
self.contacts.push({
id: contact,
name: contacts[contact].name,
imgUrl: contacts[contact].imgUrl,
provider: contacts[contact].provider
});
}
});
}
these are the security rules
{
"rules": {
"users": {
"$uid": {
// grants write access to the owner of this user account whose uid must exactly match the key ($uid)
".write": "auth !== null && auth.uid === $uid",
// grants read access to any user who is logged in with GitHub
".read": "auth !== null && auth.provider === 'github'"
}
}
}
I have to mention that I'm using Vuejs
回答1:
You're granting access to specific users: /users/$uid. But to be able to run a query against a node in Firebase, you must have read access to that node. So Firebase rejects your query, because you don't have access to /users. The documentation covers this in the section "rules are not filters". Many people run into this problem, since this is a very common approach in relational databases. The fact that rules are not filters and that permissions cascade down, are the two most common pitfalls of the Firebase security model.
In this case you'll likely want to grant all users access to the entire /users node, so you can just move the read permission up one level:
{
"rules": {
// grants read access to any user who is logged in with GitHub
".read": "auth !== null && auth.provider === 'github'"
"users": {
"$uid": {
// grants write access to the owner of this user account whose uid must exactly match the key ($uid)
".write": "auth !== null && auth.uid === $uid",
}
}
}
With this every github-authenticated users, can read all users and thus the query will not be rejected.
In other cases you may have to model your data differently to work with the security constraints that you want.
来源:https://stackoverflow.com/questions/34842287/cant-read-data-from-firebase-after-authentication