1

As an admin I am trying to get the users data so that I could 'read' and 'write' even through the rules of the firebase 'read','write' set to be false.

users
  |
  "uid"
    |-firstname: "xyz"
    |-lastname: "xyz"
    |-email: "xyz@gmail.com"

Here, is my rules

 "users": {      
 "$uid": {
    ".read": "auth != null && $uid === auth.uid",
        ".write": "auth != null && $uid === auth.uid"
        }
  }

when I am retrieving users data from firebase using FirebaseRecyclerOptions, users data display only when I set rules read and write to true but I want even if the rules set to be false through admin I could read and write. Is this possible

  FirebaseRecyclerOptions<Model> options =
            new FirebaseRecyclerOptions.Builder<Model>()
                    .setQuery(FirebaseDatabase.getInstance().getReference("Users"), Model.class)
                    .build();
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Aisha Kumari
  • 193
  • 2
  • 9
  • 2
    How do you define an admin? Like if only you are admin you can allow your userID to write data. If they could be multiple admins then custom claims can be useful too – Dharmaraj Mar 12 '22 at 05:45
  • there is only one admin which is only me but I am controlling the users data from different application with the same database but i want to read and write even if the rules are set to be false.....is this possible if not give me some solution...how could i control the users data @Dharmaraj – Aisha Kumari Mar 12 '22 at 07:17
  • @Frank van Puffelen can you please help me to find out the solution – Aisha Kumari Mar 12 '22 at 07:18

2 Answers2

2

Add a boolean to your user object and call it admin, set it false for all the users except you.

Now copy that to your firebasee rules:

"users": {      
   ".read": 
      "root.child('users').child($uid).child('Admin').val()",            
   ".write":"  
      "root.child('users').child($uid).child('Admin').val()"

 ,"$uid": {
    ".read": "auth != null && $uid === auth.uid",
        ".write": "auth != null && $uid === auth.uid"
        }
   }

}                
}

1

Just like the isActivated boolean I have in my Users you can create a boolean called isAdmin.Add it to your admin class , give it set and get methods in your class.When you upload it to firebase you can read and write this data. Then let your firebase rules to do the job.

Omer
  • 51
  • 5
  • "set it false for all the users except you", can you please show me one example please @Omer – Aisha Kumari Mar 12 '22 at 17:14
  • I edited my answer and added an example. – Omer Mar 13 '22 at 18:15
  • I have done the way you have told but I can't fetch data from firebase. I can't understand from where should I check the boolean in code, I am using firebaseRecyclerOption to fetch the data in recyclerView. what to do please tell me @Omer – Aisha Kumari Mar 14 '22 at 10:05
  • I am not using FirebaseRecyclerOption I use Listeners for SingleValueEvent and ValueEventListeners. – Omer Mar 14 '22 at 22:15
2

It depends on what "as an admin" means to you. If the application administrator is only you for example, you could simply hard-code your own UID in the security rules:

"users": {
  ".read": "auth.uid === 'yourOwnUid'"
  "$uid": {
    ".read": "auth != null && ($uid === auth.uid",
    ".write": "auth != null && $uid === auth.uid"
  }
}

This grants the one user access to all of /users, while everyone else can only read their own child node under that path.

Hard-coding the UID like this works great during development, as you're likely the only administrator. Later on when closer to release, you'll want to store a list of administrator UIDs in the database:

"Admins": {
  "yourOwnUid": true,
  "otherUid": true
}

You can then check in your rules whether the current user's UID exists in this path with:

"users": {
  ".read": "root.child('Admins').child(auth.uid).exists()"
  ...
}
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807