Edgaras Ausvicas Edgaras Ausvicas - 12 days ago 10
Android Question

Data fails to pass firebase's .validate rule

I got a weird error, after introducing some .validate rules to my database, I started getting permission denied whenever I try to send data from android device.

Rule is very simple :

"rules": {
"reportsToAdd": {
".read": "auth != null",
".write": "auth != null",
".validate": "newData.hasChildren(['displayName', 'title', 'description', 'lat', 'lng', 'imageLinks', 'uid', 'isNotified'])"
}
}


Just checking if object has those following attributes.

Meanwhile in Android device I have following model class

public class Report implements Serializable {
public String displayName;
public String title;
public String description;
public String uid;
public double lat;
public double lng;
public List<String> imageLinks;
public boolean isNotified = false;

public Report() { }
}


Logic for sending the report:

FirebaseDatabase database = FirebaseDatabase.getInstance();
DatabaseReference myRef = database.getReference("reportsToAdd");
myRef.push().setValue(report, new DatabaseReference.CompletionListener() { ... });


When .validate rule is removed, everything works fine, so it's not authentication issue, it's just validation, I checked couple of times now for misspells, all attributes are not null when sent. I don't think it should be problem cause by Serializable interface, since it's just an interface.

The full error:
com.google.firebase.database.DatabaseException: Firebase Database error: Permission denied

Answer

I think that you should not validate in this directory /reportsToadd/ because you upload them in /reportsToadd/randomstring/ with push() .

"rules": {
    "reportsToAdd": {
          "$id":{
               ".read": "auth != null",
               ".write": "auth != null",
               ".validate": "newData.hasChildren(['displayName', 'title', 'description', 'lat', 'lng', 'imageLinks', 'uid', 'isNotified'])"
               }
    }
}
Comments