
Firebase Rules Wildcard and Child comparison

I'm trying to mix Firebase's Rule wildcards with children comparisons.

I'm reading a child elsewhere whose value is '4'.

When I do a literal comparison, the simulator gives me the green light (like this):

{
  "rules": {
    "die": {
      "rolls": {
        "$i": {
          ".read": "4 == root.child('die/i').val()"
        }
      },
      "i": {
        ".read": true,
        ".write": true
      }
    }
  }
}

Output (success):

Type    read
Location    /die/rolls/4
Data    null
Auth    null
Read successful
Line 7 (/die/rolls/4)
read: "4 == root.child('die/i').val()"

But a wildcard comparison fails. Why?

{
  "rules": {
    "die": {
      "rolls": {
        "$i": {
          ".read": "$i == root.child('die/i').val()"
        }
      },
      "i": {
        ".read": true,
        ".write": true
      }
    }
  }
}

Output (failure):

Type    read
Location    /die/rolls/4
Data    null
Auth    null
Read denied
Line 7 (/die/rolls/4)
read: "$i == root.child('die/i').val()"

(Also, I've tried simulating authentication; same thing.)

Alex asked Aug 21 '18 07:08



1 Answer

The reason this is failing is because

root.child('die/i').val()

returns a number. Per the Firebase documentation:

Note: Path keys are always strings. For this reason, it's important to keep in mind that when we attempt to compare a $ variable to a number, this will always fail. This can be corrected by converting the number to a string (e.g. $key === newData.val()+'')

The following gives you your desired results

{
  "rules": {
    "die": {
      "rolls": {
        "$i": {
          ".read": "$i === root.child('die/i').val()+''"
        }
      },
      "i": {
        ".read": true,
        ".write": true
      }
    }
  }
}

Firebase documentation

Padawan answered Sep 29 '22 12:09
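The type mismatch described in the answer above, modelled as an added example (not part of the original post, and not Firebase's own evaluator). `val`, `canRead` and `rulesWith` are hypothetical helpers; rule expressions are written as JavaScript functions, and the comparison is assumed to be type-sensitive, consistent with the simulator output in the question.

```javascript
// Added example: models wildcard matching, not Firebase's real evaluator.
// Constructed sample data: /die/i holds the number 4, as in the question.
const data = { die: { i: 4 } };

// Stand-in for root.child(path).val(): returns null when the path is missing.
function val(db, path) {
  let node = db;
  for (const key of path.split('/').filter(Boolean)) {
    if (node === null || typeof node !== 'object' || !(key in node)) return null;
    node = node[key];
  }
  return node;
}

// Walk the rules along the request path. A $wildcard is bound to the raw
// path segment, which is always a string, whatever the stored data looks like.
function canRead(rules, db, path) {
  const vars = {};
  let node = rules;
  for (const seg of path.split('/').filter(Boolean)) {
    if (node['.read'] && node['.read'](vars, db)) return true; // grants cascade down
    const literalChild = !/^[.$]/.test(seg) && Object.prototype.hasOwnProperty.call(node, seg);
    if (literalChild) {
      node = node[seg];
    } else {
      const wild = Object.keys(node).find((k) => k.startsWith('$'));
      if (!wild) return false; // no rule covers this location
      vars[wild] = seg; // e.g. '4', never 4
      node = node[wild];
    }
  }
  return Boolean(node['.read'] && node['.read'](vars, db));
}

// Same rule layout as the page, with only the .read under $i swapped out.
const rulesWith = (read) => ({
  die: { rolls: { $i: { '.read': read } }, i: { '.read': () => true } },
});

const literal = rulesWith((v, db) => 4 === val(db, 'die/i')); // number vs number
const wildcard = rulesWith((v, db) => v.$i === val(db, 'die/i')); // string vs number
const coerced = rulesWith((v, db) => v.$i === val(db, 'die/i') + ''); // string vs string

for (const [name, rules] of Object.entries({ literal, wildcard, coerced })) {
  console.log(name, canRead(rules, data, '/die/rolls/4') ? 'Read successful' : 'Read denied');
}
```

The coerced rule also keeps denying every other key under `/die/rolls`, so the fix does not widen access beyond the roll that matches `die/i`.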