I have a problem setting my security rules properly, especially reading post data.
Data hierarchy:
Posted: {title: "Post One", User ID: 6}}, User: {6: {Name: "My name"} } And my rules are:
{"rule": {"posts": {"$ post": {".read": " Data.child ('UserID'). Val () == auth.id "," .write ":" newData.child ('userId'). Val () == auth.id "}}," user ": {"$ User": {".read": "auth.id == $ user", ".write": "auth.id == $ user"}}}} I know that "Auth.id" is 6, because it is dragging my user information correctly if I have the numbers permanently Changes the rules for selling, so it works:
"$ post": {".read": "data.child ('userId'). Val () == 6 "," .write ":" newData.child ('userId'). Val () == auth.id "} but not using auth.id. Am i missing One thing to keep in mind is that the security rules are safe, in particular, in the rules, " 6 "! = 6 (because there is a string and a number). So maybe your auth.id is "6" (in the form of a string), but as your user id number 6?
If this is the case, then a potential fix will change your rule expression like this:
data.child ('userId'). Val () + '' == auth.id that will force the user to be a string. Alternatively, you can change your data to ensure that the User ID is always stored as a string.
No comments:
Post a Comment