Or operator '||' not working in firebase rules

Or operator '||' not working in firebase rules - android

I'm trying to change my firebase realtime database rules so that I can access it from both authenticated and unauthenticated users, I changed them to
{
"rules": {
".read": "auth == null",
".write": "auth != null" ||"auth==null"
}
}
But the or operator || is not working. What should I do?
Thanks!

Try This
{
"rules:{
".read": "auth == null",
".write": "auth != null || auth==null"
}
}

Also, If you want to allow both users authenticated and non-authenticated , it means you want to allow all users to access database, then you can do this :
These rules give anyone, even people who are not users of your app,
read and write access to your database
{
"rules": {
".read": true,
".write": true
}
}

Related

how can I read and write as an admin even if the rules set to false in Firebase Realtime Database

As an admin I am trying to get the users data so that I could 'read' and 'write' even through the rules of the firebase 'read','write' set to be false.
users
|
"uid"
|-firstname: "xyz"
|-lastname: "xyz"
|-email: "xyz#gmail.com"
Here, is my rules
"users": {
"$uid": {
".read": "auth != null && $uid === auth.uid",
".write": "auth != null && $uid === auth.uid"
}
}
when I am retrieving users data from firebase using FirebaseRecyclerOptions, users data display only when I set rules read and write to true but I want even if the rules set to be false through admin I could read and write. Is this possible
FirebaseRecyclerOptions<Model> options =
new FirebaseRecyclerOptions.Builder<Model>()
.setQuery(FirebaseDatabase.getInstance().getReference("Users"), Model.class)
.build();

Add a boolean to your user object and call it admin, set it false for all the users except you.
Now copy that to your firebasee rules:
"users": {
".read":
"root.child('users').child($uid).child('Admin').val()",
".write":"
"root.child('users').child($uid).child('Admin').val()"
,"$uid": {
".read": "auth != null && $uid === auth.uid",
".write": "auth != null && $uid === auth.uid"
}
}
}
}
Just like the isActivated boolean I have in my Users you can create a boolean called isAdmin.Add it to your admin class , give it set and get methods in your class.When you upload it to firebase you can read and write this data.
Then let your firebase rules to do the job.

It depends on what "as an admin" means to you. If the application administrator is only you for example, you could simply hard-code your own UID in the security rules:
"users": {
".read": "auth.uid === 'yourOwnUid'"
"$uid": {
".read": "auth != null && ($uid === auth.uid",
".write": "auth != null && $uid === auth.uid"
}
}
This grants the one user access to all of /users, while everyone else can only read their own child node under that path.
Hard-coding the UID like this works great during development, as you're likely the only administrator. Later on when closer to release, you'll want to store a list of administrator UIDs in the database:
"Admins": {
"yourOwnUid": true,
"otherUid": true
}
You can then check in your rules whether the current user's UID exists in this path with:
"users": {
".read": "root.child('Admins').child(auth.uid).exists()"
...
}

How can I set up my firebase rules so only content-owners have read and write to their data?

I have checked the documentation but I am not sure how to apply that rule to my specific data structure, please check how my data is organized and provide me the rules as it is supposed to go.
I am using realtime Database, in my app code I write and read base on the user ID, but firebase keeps telling I should change my rules.

To apply the rules in the documentation on content-owner only access to your structure would take:
{
"rules": {
"Expenses": {
"$uid": {
// Allow only authenticated content owners access to their data
".read": "auth != null && auth.uid == $uid"
".write": "auth != null && auth.uid == $uid"
}
},
"Users": {
"$uid": {
// Allow only authenticated content owners access to their data
".read": "auth != null && auth.uid == $uid"
".write": "auth != null && auth.uid == $uid"
}
}
}
}

Firebase Security Rules UserPhoneId

I created my app with the following database structure
Root/
Users/
+12345566777
+12345667765
+43223456677
And here it is an example of my security rules
{
"rules": {
"$uid": {
"Users": {
".read": "auth != null",
".write": "auth != null && auth.uid == $uid"
}
}
}
}
My problem is that instead of verifiying the auth.uid inside of my security rules i want to verify the (identifiant) the UserPhoneId is there any way to do that, thank you.

How to give full read and write permission in Firebase

{
"rules": {
".read": "true",
".write": "true"
}
}
Please mention complete code that I have to put in the Rules section of Firebase since I am facing error while entering the above code.

Read here
// Allow read/write access to all users under any conditions
// Warning: **NEVER** use this rule set in production; it allows
// anyone to overwrite your entire database.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}

{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
But this is not secure.
Firebase say that "Your security rules are not secure. Any authenticated user can steal, modify, or delete data in your database."

If you are using firebase then the rules below apply as an example, for firestore the rule structure is a little different.
To change the rulles you can go to the firebase project area Database on the left menu and then rules on the blue menu.
However I need to mention that if you are doing a firebase deploy you WILL OVERWRITE these rulles with the contents of database.rules.json that is in your top level for firebase project structure and firestore.rules for firestore.
{
"rules": {
".read": true,
".write": "auth != null",
"FirstlevelNode_1": {
".read": "auth != null",
".write": "auth.uid == 'NyEFUW2fdsbgv3WRQRHl4K4YWTxf17Dgc2' || auth.uid == '34x5KfLnk4fgyrjMtvvanb4VSypenBC83'"
},
"FirstlevelNode_2_with_children": {
".read": true,
".write": "auth.uid == 'NyEFUWv3WRQRHl4K4YWTdsfdxf17Dgc2' || auth.uid == '34x5KfLnk4Mtvvanb4VSypfdsahenBC83'",
"SecondLevelNode_1": {
"$uid": {
".read": true,
".write": "$uid === auth.uid || auth.uid == 'NyEFUWv3WRQRHlddsfsadsa4K4YWTxf17Dgc2' '"
}
},
"SecondLevelNode_2": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid "
}
}
}
}
}

what rules database in firebase for user can read & right and admin can read database?

My firebase database rule is like the following:
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}

This rule will allow database read and write if user is authorized or logged in.
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
This rule will allow database read and write without checking if the user is authorized.
{
"rules": {
".read": "true",
".write": "true"
}
}

Develop Reference

The Android operating system is a mobile operating system that was developed by Google (GOOGL?) to be primarily used for touchscreen devices, cell phones, and tablets.

Or operator '||' not working in firebase rules - android

I'm trying to change my firebase realtime database rules so that I can access it from both authenticated and unauthenticated users, I changed them to { "rules": { ".read": "auth == null", ".write": "auth != null" ||"auth==null" } } But the or operator || is not working. What should I do? Thanks!

Try This { "rules:{ ".read": "auth == null", ".write": "auth != null || auth==null" } }

Related

how can I read and write as an admin even if the rules set to false in Firebase Realtime Database

How can I set up my firebase rules so only content-owners have read and write to their data?

Firebase Security Rules UserPhoneId

How to give full read and write permission in Firebase

what rules database in firebase for user can read & right and admin can read database?

Categories

Resources