I'm trying to restrict user access to some high-level node but want to give some users ability to read some of the subnodes.
My data structure is like that:
{
"COMPANIES" : {
"COMPANY1" : {
"id" : "COMPANY1",
"name" : "COMPANY1 COMPANY"
},
"COMPANY2" : {
"id" : "COMPANY2",
"name" : "COMPANY2 COMPANY"
}
},
"USERS" : {
"xZgFtwVyQFsPK3428YCa3NekOEF3" : {
"company" : {
"COMPANY1" : true,
"COMPANY2" : true
},
"email" : "ss#sss.com",
"uid" : "xZgFtwVyQFsPK3428YCa3NekOEF3",
"username" : ""
}
}
}
and so on.
And my rules for this:
{
"rules": {
"USERS": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid"
}
},
"COMPANIES": {
"COMPANY1": {
".read": "root.child('USERS').child(auth.id).child('company').child('COMPANY1').val() == true",
".write": false
}
}
}
}
The code I'm using to access this data looks like that (in Swift):
refFire.child("COMPANIES").child("COMPANY1").observe(DataEventType.value, with: { (dsnap) in
Also, I tried this one:
refFire.child("COMPANIES").queryOrdered(byChild: "COMPANY1").queryEqual(toValue: "COMPANY1").observe(DataEventType.value, with: { (dsnap) in
And this one (unfortunately, I don't really understand the idea behind queryEqual, so I've tried different approaches):
refFire.child("COMPANIES").child("COMPANY1").queryOrdered(byChild: "COMPANY1").queryEqual(toValue: "COMPANY1").observe(DataEventType.value, with: { (dsnap) in
So I want to give access to COMPANY1 to users with COMPANY1 = true in their profile (and deny everyone else). Rules seemed to be relatively straightforward but obviously I'm doing something wrong here because even users with COMPANY1 = true can't read company information, the permission is denied.
Related
NOTE: Database = DB
NOTE: I'm using SWIFT 4 and Firebase 5.0.0
I am making a practice Instagram like project to practice using Firebase. I have tested the below 'DB 1' but then thought of 'DB 2' and was unsure about which one is more efficient and easier to code? The application is just supposed to upload a 'post' to a DB with 1 or 2 images. Thank you in advance!
EDIT:
Given that users would be able to see posts from people they follow and see posts from everyone on the search page. What would be an appropriate structure?
DB 1:
{
"user1" : {
"posts" : {
"post1" : {
"imgURL" : "https://firebasestorage.googleapis.com/v0/b/datamodel2-52bdf.appspot.com/o/l#gmail.com%2Fpost1%2F19B28DCA-9CD1-4079-BC75-AB2981A64CE3?alt=media&token=d984d2bd-698e-4cf4-8e42-36bf277850f2"
},
"post2" : {
"imgURL" : "https://firebasestorage.googleapis.com/v0/b/datamodel2-52bdf.appspot.com/o/l#gmail.com%2Fpost1%2F19B28DCA-9CD1-4079-BC75-AB2981A64CE3?alt=media&token=d984d2bd-698e-4cf4-8e42-36bf277850f2"
}
},
"userInfo" : {
"email" : "exmple#gmail.com",
}
},
"user2" : {
"posts" : "allposts",
"userInfo" : "email"
}
}
DB 2:
{
"UserPosts" : {
"User1ID" : {
"Post1" : {
"ImageURL1" : "URL"
}
}
},
"Users" : {
"User1ID" : {
"email" : "email"
},
"User2ID" : {
"email" : "email"
}
}
}
We are using learninglocker and I am trying to query its mongodb. learninglocker puts escaped urls as object names, which makes them more difficult to search. I am returning 0 results when I would expect to return several.
My find is as follows:
{"statement.object.definition.extensions.http://activitystrea&46;ms/schema/1&46;0/device.device_type": "app"}
I assume that this should be escaped somehow, however, am unsure how.
http://activitystrea&46;ms/schema/1&46;0/device
Sample object:
"statement": {
"version" : "1.0.0",
"actor" : { },
"verb" : { },
"context" : { },
"object" : {
"definition" : {
"extensions" : {
"http://activitystrea&46;ms/schema/1&46;0/device" : {
"device_type" : "app"
}
}
}
}
}
I'm trying to make an app, where you have to choose a team name, and when the user enter his/hers team name, I want to check if the name already is in use.
teamNameTextField is a UITextField and for some reason no matter what I type in the text field, it prints "Team name is not in use". I don't know what I'm doing wrong here, can somebody help me?
My code:
rootRef.child("teams").queryOrderedByChild("teamName").queryEqualToValue(teamNameTextField.text).observeSingleEventOfType(.Value, withBlock: { (snap) in
if (snap.value is NSNull) {
print("Team name is not in use")
} else {
print("Team name is already in use")
}
})
my JSON data tree:
{
"teams" : {
"pbXvXYOKmJQqwSQZ9IlBykG7x1P2" : {
"teamName" : "Test111"
},
"owidUDkEnbCOsmNSoSFu2o2iu4y38RKJNF" : {
"teamName" : "Test222"
},
"pdnJCDmcdjsiHDFb8349HGD8372bfdhb" : {
"teamName" : "Test123"
}
}
}
My database rules:
{
"rules": {
".read": true,
".write": true
}
}
I realized the problem!
I tried to type print(teamNameTextField.text), and it printed: "Optional("Test111")"
So you have to put a ! after teamNameTextField.text, then it will only print "Test111"
I launch following query:
GET archive-bp/_search
{
"query": {
"bool" : {
"filter" : [ {
"bool" : {
"should" : [ {
"terms" : {
"naDataOwnerCode" : [ "ACME-FinServ", "ACME-FinServ CA", "ACME-FinServ NY", "ACME-FinServ TX", "ACME-Shipping APA", "ACME-Shipping Eur", "ACME-Shipping LATAM", "ACME-Shipping ME", "ACME-TelCo-CN", "ACME-TelCo-ESAT", "ACME-TelCo-NL", "ACME-TelCo-PL", "ACME-TelCo-RO", "ACME-TelCo-SA", "ACME-TelCo-Treasury", "Default" ]
}
},
{
"bool" : {
"must_not" : {
"exists" : {
"field" : "naDataOwnerCode"
}
}
}
} ]
}
}, {
"range" : {
"bankCommunicationStatusDate" : {
"from" : "2006-02-27T06:45:47.000Z",
"to" : null,
"time_zone" : "+02:00",
"include_lower" : true,
"include_upper" : true
}
}
} ]
}
}
}
And I receive no results, but the field exists in my index.
When I strip off the data owner part, I still have no results. When I strip off the bankCommunicationDate, I get 10 results, so there is the problem.
The query of only the bankCommunicationDate:
GET archive-bp/_search
{
"query" :
{
"range" : {
"bankCommunicationStatusDate" : {
"from" : "2016-04-27T09:45:43.000Z",
"to" : "2026-04-27T09:45:43.000Z",
"time_zone" : "+02:00",
"include_lower" : true,
"include_upper" : true
}
}
}
}
The mapping of my index contains the following bankCommunicationStatusDate field:
"bankCommunicationStatusDate": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
}
And there are values for the field bankCommunicationStatusDate in elasticsearch:
"bankCommunicationStatusDate": "2016-04-27T09:45:43.000Z"
"bankCommunicationStatusDate": "2016-04-27T09:45:47.000Z"
What is wrong?
What version of Elastic Search do you use?
I guess the reason is that you should use "gte/lte" instead of "from/to/include_lower/include_upper".
According to documentation to version 0.90.4
https://www.elastic.co/guide/en/elasticsearch/reference/0.90/query-dsl-range-query.html
Deprecated in 0.90.4.
The from, to, include_lower and include_upper parameters have been deprecated in favour of gt,gte,lt,lte.
The strange thing is that I have tried your example on elastic search version 1.7 and it returns data!
I guess real depreciation took place much later - between 1.7 and maybe newer version you have.
BTW. You can isolate the problem even further using Sense plugin for Chrome and this code:
DELETE /test
PUT /test
{
"mappings": {
"myData" : {
"properties": {
"bankCommunicationStatusDate": {
"type": "date"
}
}
}
}
}
PUT test/myData/1
{
"bankCommunicationStatusDate":"2016-04-27T09:45:43.000Z"
}
PUT test/myData/2
{
"bankCommunicationStatusDate":"2016-04-27T09:45:47.000Z"
}
GET test/_search
{
"query" :
{
"range" : {
"bankCommunicationStatusDate" : {
"gte" : "2016-04-27T09:45:43.000Z",
"lte" : "2026-04-27T09:45:43.000Z"
}
}
}
}
My app is using Firebase's Facebook authentication and I have the following users collection:
{
"fsdjf34hf98wjefj" : {
"uid" : "facebook:543634634536"
},
"3298djwhy9hwd34234" : {
"uid" : "facebook:7658899965432"
}
}
I'm trying to restrict access so that a user can view only his own user:
{
"rules": {
".write": true,
"users": {
".read": "auth.uid === data.child('uid').val()",
}
}
}
I get the following error when trying to access a user from JavaScript:
Error: permission_denied: Client doesn't have permission to access the
desired data.
Does anyone know the correct syntax for the .read section? I've tried many things but I don't seem to get the hang of the logic behind it.
Assuming your collection is:
"users": {
"fsdjf34hf98wjefj" : {
"uid" : "facebook:543634634536"
},
"3298djwhy9hwd34234" : {
"uid" : "facebook:7658899965432"
}
}
Your rules will need to be something like:
{
"rules": {
"users": {
"$user": {
".read": "auth.uid === data.child('uid').val()",
}
}
}
}
The $user in there applies to every user node.
Note that the easiest way to troubleshoot such issues is by using the Simulator tab in the Firebase dashboard to simulate the operation. It will tell you exactly why the operation is allowed/rejected, while the SDK will (intentionally) only tell you that the operation was rejected.