Simulated read denied in Firebase Realtime Database

Time:03-01

I'm building a private note app with Firebase Realtime Database in an Android environment, and now I'd like to add authentication features with Google sign-in to my app.

So far, I have tried several rules in the 'Rules playground', but they are not working well.

The DB looks like the following:

{
  "items" : {
    "-MwtOrIBmhaoiGtSjzRl" : {
      "key" : "-MwtOrIBmhaoiGtSjzRl",
      "modifiedAt" : "2022-02-27 04:19:15.782677",
      "string" : "test11"
    },
    "-MwvRBvCJ3hVJS3Qx1M3" : {
      "key" : "-MwvRBvCJ3hVJS3Qx1M3",
      "modifiedAt" : "2022-02-27 13:48:43.081140",
      "string" : "Test2"
    }
  }
}

And the rules are as follows:

{
  "rules":{
    "items": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      },
      ".indexOn": "modifiedAt"
    }
  }
}

In the Rules playground, I tried a 'get' simulation and the result is 'Simulated read denied':

{
  "auth": {
    "uid": "e41ac05f-6c93-40c8-add6-90bccf8ab80d",
    "token": {
      "sub": "e41ac05f-6c93-40c8-add6-90bccf8ab80d",
      "firebase": {
        "sign_in_provider": "google.com"
      },
      "email": "",
      "email_verified": false,
      "phone_number": "",
      "name": ""
    }
  },
  "resource": {
    "key": "value"
  },
  "path": "/item",
  "method": "get",
  "time": "2022-02-27T14:44:13.766Z",
  "isAdmin": false
}

Can I get some help?

One strange thing is that the following rules are not working either.

{
  "rules":{
    "items": {
      "$uid": {
        ".read": true,
        ".write": true
      },
      ".indexOn": "modifiedAt"
    }
  }
}

CodePudding user response:

The key values you have under items are not Firebase Auth UIDs. They are push IDs randomly generated from your client app code. A push ID has nothing to do with the identity of the person who added that data.

To be clear, this value: "MwtOrIBmhaoiGtSjzRl" is not a UID. And it doesn't match the UID you're specifying here: "e41ac05f-6c93-40c8-add6-90bccf8ab80d".

If you want to use the user's UID as the key of the data to add to the database, don't use push(). You should instead build a path to the data using the user's UID in your code using setValue() as shown in the documentation.
