I've created the following security framework in Realtime Database:
{
"rules": {
"receita": {
"$chave": {
".write": "auth.uid === newData.child('usuario').val()",
".read": "auth.uid === data.child('usuario').val() || data.child('tipo').val() === true"
}
}
}
}
For the following data structure in the database:
{
"receita" : {
"-L92JgTg4xIDCymtq26h" : {
"imagem" : "default",
"ingrediente" : [ "teste" ],
"nome" : "teste",
"preparo" : "teste",
"tipo" : true,
"usuario" : "Az2Mra1xJwXtpaspGwgvj7hm9NA2"
},
"-L9CwBmuVETG5TSjLHz7" : {
"imagem" : "default",
"ingrediente" : [ "teste" ],
"nome" : "teste",
"preparo" : "teste",
"tipo" : true,
"usuario" : "Az2Mra1xJwXtpaspGwgvj7hm9NA2"
}
}
}
Using Authentication with Google Provider
The ".write"
works perfectly, but the ".read"
does not (permission error), I've already changed the same to:
".read": true //Leitura pública
But also did not work, I believe the error is in the structure of my rule but I do not know where
To "work", I've changed the rules to:
{
"rules": {
"receita": {
"$chave": {
".write": "auth.uid === newData.child('usuario').val()"
},
".read": "true"
}
}
}
I tested it that way too, but without success:
".read": "auth.uid === data.child($chave + '/usuario').val() || data.child($chave + '/tipo').val() === true"
With the structured rules of the first way, I tried to fetch the data as follows:
firebase.database().ref('receita').once('value').then(function(snapshot) {
console.log(snapshot.val())
})
But it results in the permission error, but doing the same passing a valid key for reference works:
firebase.database().ref('receita/-L8UX8Ajz8P1XcudJUih').once('value').then(function(snapshot) {
console.log(snapshot.val())
})
Then the error is when I get a reference from the database because in the recipe directory ( /receita
), I do not have any rules, only in /receita/$chave