0

I am very new to queries in Firebase and query-based rules. I am trying to use query-based rules to retrieve specific data from the database, if and only if the group_id passed in the query is matching the group_id in the database at the given user with {user_id}

Code

Database reference: ref(users/{user_id}

Query

db.ref()
    .orderByChild("group_id")
    .equalTo(group_id) <- variable
    .on("value", (snapshot) => {
        return snapshot.val();
    });

JSON

root: {
  "users" : {
    "{user_id}" : {
      "email" : "[email protected]",
      "group_uid" : "{group_id}",
      "name" : "username",
    },
}

Rules

users:{
  $user_id:{
      ".read": auth.uid != null 
               && query.orderByChild == 'group_id' 
               && query.equalTo == data.child('group_id').val()
    }
}

My goal is to fetch the information about the user (email, group_uid and name), but the result returns null, and I can't seem to understand why.

Improve this question
2
  • 1
    Can you edit your question to show: 1) the JSON you're querying (as text, no screenshots please)? You can get this by clicking the "Export JSON" link in the overflow menu (⠇) on your Firebase Database console. 2) the minimal, full rules, so that we can see where you are defining this? 3) The minimal cb implementation, and its output. Commented Feb 3, 2021 at 16:52
  • Thanks for the quick reply. Updated the question now Commented Feb 3, 2021 at 17:25

1 Answer 1

Reset to default
0

There are a few things wrong in your code/rules.

First off, you seem to be querying at the root, but are hoping to read the nodes under /users. So you'll want to fix that to:

db.ref("users")
    .orderByChild("group_id")
    .equalTo(group_id)

Second, indexes and rules need to be defined at the location in the JSON that the user reads. Since the above reads from /users, that's where you need to have the ".read" rule to allow the query:

users:{
  ".read": auth.uid != null 
           && query.orderByChild == 'group_id' 
           && query.equalTo == data.child('group_id').val()
}

I'm not really sure what the data.child('group_id').val(), but I doubt it'll work as you have it now. If you need more help defining your data structure, please update your question to show a more complete snippet of the JSON.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

My intention with data.child('group_id').val() was to access the value of the group_uid of the given user. Also I am trying to query at a given user with db.ref(users/{user_id})
The query you showed .orderByChild("group_id").equalTo(group_id) only works when you run it on /users in the JSON you showed.
Okey thanks! So this query will order the users by the given group_id? My intention with the rule query.equalTo == data.child('group_id').val() was to ensure that the group_id given in the query is the same as the group_id value at the users. However, when the query is runned on /users, how do i access values from the users, such as group_id?
I'm not sure that is possible. Firebase security rules only check whether the query is valid when it is attached. They can't check every child node now and in the future, as that wouldn't scale. You may have to change your data model to allow the use case, for example by storing the messages keyed by group id.
Okey thanks again. To ensure that i am targeting the correct child, is it possible to run the query at ref("users/{user_id}")? Then use the rule query.equalTo == data.child('group_id').val() to ensure that the group_id given in the query is the same as the group_id value at the given the given user with {user_id}
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.