Firebase rules for multiple databses

Firebase rules for multiple databses - android

I'm developing an Android app using Firebase Realtime Database.
My project contains 3 distinct databases:
Database 1: for common items;
Database 2: for feature A;
Database 3: for feature B;
In database 1, I'm able to create rules (working for this database) using its nodes to validate if specific user is able to read and write any data, for instance:
{
"rules":
{
"plants":
{
".read": true, /*"auth !== null",*/
".write": "auth !== null && root.child('userRegistration/' + auth.uid).child('profileTypeInfo').val()=='0'"
},
"criteria":
{
".read": "auth !== null",
".write": "auth !== null && root.child('userRegistration/' + auth.uid).child('profileTypeInfo').val()=='0'"
},
"guide":
{
".read": "auth !== null",
".write": "auth !== null && root.child('userRegistration/' + auth.uid).child('profileTypeInfo').val()=='0'"
},
"userRegistration":
{
".read": true,
".write": true
},
"report" :
{
".read": "auth !== null && root.child('userRegistration/' + auth.uid).child('isActiveInfo').val()==true",
".write": "auth !== null && root.child('userRegistration/' + auth.uid).child('isActiveInfo').val()==true",
}
}
}
For this Database is OK, because I'm using the root.child of the current database. The issue is related to database A and B, because I'd like to use something like this:
database1.child('userRegistration/' + auth.uid).child('profileTypeInfo').val()=='0'"
instead of using
root.child('userRegistration/' + auth.uid).child('profileTypeInfo').val()=='0'"
In other words, I need using the child data from the database 1 despite of using the root child, which not contains the child userRegistration
I do appreciate your help!

Related

Rules realtime database

I want to create a rule, which when one login account reads and writes to the database, can you help me, and is there something wrong with my code?
this my rules database
{
"rules": {
"User": {
"$uid": {
".read": "auth !== null && auth.uid === $uid",
".write": "auth !== null && auth.uid === $uid"
}
},
"Layanan Nasabah": {
".read": "root.child('User/' + auth.uid).exists()",
".write": "root.child('User/' + auth.uid).exists()"
}
}
}
this my codes
database.child("Layanan Nasabah").child(mAuth.getUid()).setValue(new pengaduan
(getNo,getNo_Tiket,getNama_Penelpon,getPenelpon1,getPenelpon2,getEmail,getPertanyaan,getTertanggung,getNo_Polis,getObyek,getCatatan)).addOnSuccessListener(unused -> {
Toast.makeText(TambahActivity.this, "Data Berhasil Disimpan", Toast.LENGTH_SHORT).show();
startActivity(new Intent(TambahActivity.this, OnprogressActivity.class));
finish();
}).addOnFailureListener(e ->
Toast.makeText(TambahActivity.this, "Data Gagal Disimpan", Toast.LENGTH_SHORT).show());
}

From what I understand you want only logged in users (authenticated users) to read/write to nodes in your database.
This rule:
".write": "auth !== null && auth.uid === $uid"
Means that any authenticated user can only write to his own uid.
In users node, you already did what you are asking for:
//because this means any authenticated user can read and write their
//own nodes (UIDs)
"User": {
"$uid": {
".read": "auth !== null && auth.uid === $uid",
".write": "auth !== null && auth.uid === $uid"
}
}
UPDATE
If you also want that authenticated users only can read and write to Layanan Nasabah node, you can do this:
"Layanan Nasabah": {
"$uid":{
".read": "root.child('User/' + auth.uid).exists() && auth !== null && auth.uid === $uid",
".write": "root.child('User/' + auth.uid).exists() && auth !== null && auth.uid === $uid"
}
}

Firebase Security Rules UserPhoneId

I created my app with the following database structure
Root/
Users/
+12345566777
+12345667765
+43223456677
And here it is an example of my security rules
{
"rules": {
"$uid": {
"Users": {
".read": "auth != null",
".write": "auth != null && auth.uid == $uid"
}
}
}
}
My problem is that instead of verifiying the auth.uid inside of my security rules i want to verify the (identifiant) the UserPhoneId is there any way to do that, thank you.

How to give full read and write permission in Firebase

{
"rules": {
".read": "true",
".write": "true"
}
}
Please mention complete code that I have to put in the Rules section of Firebase since I am facing error while entering the above code.

Read here
// Allow read/write access to all users under any conditions
// Warning: **NEVER** use this rule set in production; it allows
// anyone to overwrite your entire database.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}

{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
But this is not secure.
Firebase say that "Your security rules are not secure. Any authenticated user can steal, modify, or delete data in your database."

If you are using firebase then the rules below apply as an example, for firestore the rule structure is a little different.
To change the rulles you can go to the firebase project area Database on the left menu and then rules on the blue menu.
However I need to mention that if you are doing a firebase deploy you WILL OVERWRITE these rulles with the contents of database.rules.json that is in your top level for firebase project structure and firestore.rules for firestore.
{
"rules": {
".read": true,
".write": "auth != null",
"FirstlevelNode_1": {
".read": "auth != null",
".write": "auth.uid == 'NyEFUW2fdsbgv3WRQRHl4K4YWTxf17Dgc2' || auth.uid == '34x5KfLnk4fgyrjMtvvanb4VSypenBC83'"
},
"FirstlevelNode_2_with_children": {
".read": true,
".write": "auth.uid == 'NyEFUWv3WRQRHl4K4YWTdsfdxf17Dgc2' || auth.uid == '34x5KfLnk4Mtvvanb4VSypfdsahenBC83'",
"SecondLevelNode_1": {
"$uid": {
".read": true,
".write": "$uid === auth.uid || auth.uid == 'NyEFUWv3WRQRHlddsfsadsa4K4YWTxf17Dgc2' '"
}
},
"SecondLevelNode_2": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid "
}
}
}
}
}

what rules database in firebase for user can read & right and admin can read database?

My firebase database rule is like the following:
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}

This rule will allow database read and write if user is authorized or logged in.
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
This rule will allow database read and write without checking if the user is authorized.
{
"rules": {
".read": "true",
".write": "true"
}
}

Or operator '||' not working in firebase rules

I'm trying to change my firebase realtime database rules so that I can access it from both authenticated and unauthenticated users, I changed them to
{
"rules": {
".read": "auth == null",
".write": "auth != null" ||"auth==null"
}
}
But the or operator || is not working. What should I do?
Thanks!

Try This
{
"rules:{
".read": "auth == null",
".write": "auth != null || auth==null"
}
}

Also, If you want to allow both users authenticated and non-authenticated , it means you want to allow all users to access database, then you can do this :
These rules give anyone, even people who are not users of your app,
read and write access to your database
{
"rules": {
".read": true,
".write": true
}
}

Develop Reference

The Android operating system is a mobile operating system that was developed by Google (GOOGL?) to be primarily used for touchscreen devices, cell phones, and tablets.

Firebase rules for multiple databses - android

Related

Rules realtime database

Firebase Security Rules UserPhoneId

How to give full read and write permission in Firebase

what rules database in firebase for user can read & right and admin can read database?

Or operator '||' not working in firebase rules

Categories

Resources