Firebase Permission Denied

Firebase Permission Denied

By default the database in a project in the Firebase Console is only readable/writeable by administrative users (e.g. in Cloud Functions, or processes that use an Admin SDK). Users of the regular client-side SDKs can't access the database, unless you change the server-side security rules.

You can change the rules so that the database is only readable/writeable by authenticated users:

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

See the quickstart for the Firebase Database security rules.

But since you're not signing the user in from your code, the database denies you access to the data. To solve that you will either need to allow unauthenticated access to your database, or sign in the user before accessing the database.

Allow unauthenticated access to your database

The simplest workaround for the moment (until the tutorial gets updated) is to go into the Database panel in the console for you project, select the Rules tab and replace the contents with these rules:

{
  "rules": {
    ".read": true,
    ".write": true
  }
}

This makes your new database readable and writeable by anyone who knows the database's URL. Be sure to secure your database again before you go into production, otherwise somebody is likely to start abusing it.

Sign in the user before accessing the database

For a (slightly) more time-consuming, but more secure, solution, call one of the signIn... methods of Firebase Authentication to ensure the user is signed in before accessing the database. The simplest way to do this is using anonymous authentication:

firebase.auth().signInAnonymously().catch(function(error) {
  // Handle Errors here.
  var errorCode = error.code;
  var errorMessage = error.message;
  // ...
});

And then attach your listeners when the sign-in is detected

firebase.auth().onAuthStateChanged(function(user) {
  if (user) {
    // User is signed in.
    var isAnonymous = user.isAnonymous;
    var uid = user.uid;
    var userRef = app.dataInfo.child(app.users);
    
    var useridRef = userRef.child(app.userid);
    
    useridRef.set({
      locations: "",
      theme: "",
      colorScheme: "",
      food: ""
    });

  } else {
    // User is signed out.
    // ...
  }
  // ...
});

Firebase permission denied

Your query is attempting to get the entire contents of the Users node, but your security rules don't allow that. The rules will not filter out the nodes that the user may not access (please read and understand that link). You will need to fetch only the part of the database that the user has been granted access by the rules. This means your rules allow access to only "Users/number/Personal Details" and "Users/number/Notifications", and nothing else.

Firebase Auth Permission Denied After Refreshing Token

The working query parameter for passing UD token is actually "auth" and not "access_token" as in the documentation.


Related Topics

Enabling Cross-Origin Resource Sharing on Iis7

Split a String by Commas But Ignore Commas Within Double-Quotes Using JavaScript

How to Call Jquery's Click() to Follow an <A> Link If I Haven't Bound an Event Handler to It with Bind or Click Already

How to Use Multiple Refs for an Array of Elements with Hooks

Axios Posting Params Not Read by $_Post

Add/Delete Table Rows Dynamically Using JavaScript

How to "Reset" <Div> to Its Original State After It Has Been Modified by JavaScript

JavaScript Filereader - Parsing Long File in Chunks

Run a Website in Fullscreen Mode

How to Determine Which HTML Page Element Has Focus

What Is the Minimum Valid JSON

Add Event Listener on Elements Created Dynamically

Cancel a Vanilla Ecmascript 6 Promise Chain

How Might I Find the Largest Number Contained in a JavaScript Array

Jquery Ajax Call to PHP Script with JSON Return

Check a Radio Button with JavaScript

Infinity Loop Slider Concepts

Setting Href Attribute at Runtime


Leave a reply



Submit