身份验证后读取数据时 Firebase 权限被拒绝 [英] Firebase Permission denied when reading data after authentication

问题描述

我是 Firebase 的新手.我使用电子邮件和密码对用户进行了身份验证 -

I am new to Firebase. I authenticated the user using email and password -

final Firebase ref = new Firebase("https://app.firebaseio.com");
ref.authWithPassword("app@firebaseio.com", "password", new Firebase.AuthResultHandler() {

    @Override
    public void onAuthenticated(AuthData authData) {
        System.out.println("User ID: " + authData.getUid());
        getData(ref);
    }

    @Override
    public void onAuthenticationError(FirebaseError firebaseError) {
    }
});

但是在我读取数据时经过身份验证后，我收到Permission Denied.

But after authentication when I am reading the data, I am getting Permission Denied.

private void getData(Query ref) {
    ref.addValueEventListener(new ValueEventListener() {

        @Override
        public void onDataChange(DataSnapshot snapshot) {
            System.out.println(snapshot.getValue());
        }

        @Override
        public void onCancelled(FirebaseError firebaseError) {
            System.out.println("The read failed: " + firebaseError.getMessage());
        }
    });
}

这些是 Firebase 规则.

These are the Firebase rules.

{
    "rules": {
        "users": {
            "$uid": {
                ".read": "auth !== null && auth.provider === 'password'"
            }
        }
    }
}

推荐答案

Firebase 的权限模型只允许用户访问您明确授予访问权限的数据.由于在您的安全规则中，您只授予对 /users/$uid 的访问权限，因此用户无法从根 / 读取.Firebase 文档在规则级联".

Firebase's permission model only allows the user access to data that you explicitly give access to. Since in your security rules, you only give access to /users/$uid, the user cannot read from root /. The Firebase documentation covers this under "rules cascade".

您似乎想使用安全规则来过滤数据，而 Firebase 的安全模型无法做到这一点.请参阅规则不是过滤器" 在 Firebase 文档以及之前的这些问题和答案中:

You seem to want to use security rules to filter data, which is not possible with Firebase's security model. See the section "rules are not filters" in the Firebase documentation as well as these previous questions and answers:

• firebase 安全权限无效
• firebase 规则不起作用
• 如何使用 Firebase 规则仅授予特定权限叶节点

最简单的解决方案是允许读取users节点:

The simplest solution is to allow read of the users node:

{
    "rules": {
        "users": {
            ".read": "auth !== null && auth.provider === 'password'"
        }
    }
}

然后在该级别查询:

getData(ref.child("users"));

这篇关于身份验证后读取数据时 Firebase 权限被拒绝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！