Permission denied on Firebase

Question

Permission denied on Firebase

Asked 5 years, 9 months ago

Viewed 537 times

2

I’m developing an app with Ionic 3 and the Firebase ... In the rules of Realtime Database, the problem arises: I try to put the rules pro type "user", but the following error arises :

ERROR Error: Uncaught (in Promise): Error: PERMISSION_DENIED: Permission denied

ERROR Error: permission_denied at /orders: Client doesn’t have permission to access the desired data.

Rule structure :

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

Where is /requests in the database?

– Lennoard Silva

2018/09/20 at 11:48
{ "requests" { "-Lmmaryymarcdemmdpjm" { "name" : "ASDASD", "tel" : "23" }, "-Lmnvv3syodnsdkuktjo" : { "name" : "asdasd", "tel" : "23" }, "-Lmnw4kkrruojaof1i3p" : { "name" : "asdasd", "tel" : "231" }, "-Lmqitihar-Vumkpq8fd" { "name" : "asdasdsa", "tel" : "213" }, "-Lmqjg75q0ajgr_3dhxg" : { "name" : "asdsad", "tel" "123" } } } } }

– user125721

2018/09/20 at 12:07
So it’s at the root as well as users? (Post relevant data formatted in the question)

– Lennoard Silva

2018/09/20 at 13:23
How should the right structure be for my database ? I need only the user to read and write their requests. Would that be the way ?? : { "Rules": { "users": { "requests": { "$uid": { ". read": "$uid === auth.uid", ". write": "$uid === auth.uid" } } } } }

– user125721

2018/09/20 at 13:31

2 answers

Browser other questions tagged javascript node.js ionic firebase

You are not signed in. Login or sign up in order to post.

by Flávio Jardim • **254** points · Answer 1 · 2018-09-19T19:30:18+00:00

0

I believe that the rules of the Firebase are defined as read / write = false, so you can’t develop. To fix that, just access the rules in Firebase Console > Realtime Database and changes the definitions to true.

More information here

But in this way, all users will have access to all information ? I need that particular user, have access only to their respective requests, in case

– user125721

2018/09/19 at 19:38
In fact this makes the information public. Make sure to protect the database again before going into production.

– Flávio Jardim

2018/09/19 at 19:49

by Lennoard Silva • **581** points · Answer 2 · 2018-09-21T00:17:21+00:00

Of a comment:

I need only the user to read and write their requests.

First, we can try to organize this way, see if this matches your needs:

- users
   - uid
      - pedidos
         - idPeDIDoLE7NyOSXaLSZ
            - name: "ASDF"
            - tel: "23"
         - idPeDIDoYWchTgdMk9W1
            - name: "FDSA"
            - tel: "94"

Rules:

{
  "rules": {
    "users": {
      "$uid": {
        //".read" : "$uid === auth.uid",
        "pedidos": {
          ".read" : "$uid === auth.uid",
          ".write" : "$uid === auth.uid"
        }
      }
    }
  }
}

Or thus

- users
   - uid
    //- Informações do usário aqui, nome, email etc.
- uid
   - pedidos
      - idPeDIDoLE7NyOSXaLSZ
         - name: "ASDF"
         - tel: "23"
      - idPeDIDoYWchTgdMk9W1
         - name: "FDSA"
         - tel: "94"

Rules:

{
  "rules": {
    "$uid": {
      //".read" : "$uid === auth.uid",
      "pedidos": {
        ".read" : "$uid === auth.uid",
        ".write" : "$uid === auth.uid"
      }
    }
  }
}