I am currently developing a web app on Firebase that uses Firepad as one of the tools.
Everything was working fine until I tried to secure the realtime database with rules. Here are the new rules:
{
  "rules": {
    "allmembers": {
      ".read": "auth != null",
      ".write": "auth != null && !data.exists() && newData.exists()"
    },
    "orgs": {
      "$org": {
        ".read": "data.child('members/'+auth.uid).exists()",
        ".write": "data.child('members/'+auth.uid).exists()",
        "info": {
        },
        "members": {
        },
        "processes": {
          "$process": {
            "bpm": {
            },
            "firepad": {
            }
          }
        }
      }
    }
  }
}
To put it short, the idea is to keep a general record of every member with a single value that is the ID of the organization where they belong, and then use it to give them access to the firm's data.
The rules work well for set/get data of $org such as modifying "members" or "bpm" except for orgs/$org/processes/$process/firepad.
So why does the console give me this warning and firepad cannot read and write data in firebase database?
FIREBASE WARNING: set at /orgs/1/processes/processus/firepad/users/0xcNuXRLk0g2fedKfH35qLFxy9R2/cursor failed: permission_denied
EDIT: Here is the example that I currently use, and it works. However, with the rule ".read":true, can everyone access the Firepad of other orgs?
{
  "rules": {
    "orgs": {
      "$org": {
        ".read": "data.child('members/'+auth.uid).exists()",
        ".write": "data.child('members/'+auth.uid).exists()",
        "info": {
        },
        "members": {
        },
        "processes": {
          "$process": {
            "bpm": {
            },
            "firepad": {
              "history": {
                ".read": true
              },
              "checkpoint": {
                ".read": true
              }
            }
          }
        }
      }
    }
  }
}
It looks like you have an errant "processus" in your path:
/orgs/1/processes/processus/firepad/users/0xcNuXRLk0g2fedKfH35qLFxy9R2/cursor
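
An added example, not part of the original question or answer and not Firebase's own code: a small lint over the ruleset from the question's EDIT. In Realtime Database rules, `.read`/`.write` grants cascade to child paths and a deeper rule can grant access that a shallower rule withheld, so the `".read": true` entries under `firepad` are readable by any client regardless of the `members` check at `$org`. The names `editRules` and `findOpenGrants` and the trimmed ruleset are constructed for illustration.

```javascript
// Constructed, trimmed copy of the ruleset from the question's EDIT.
const editRules = {
  orgs: {
    $org: {
      ".read": "data.child('members/'+auth.uid).exists()",
      ".write": "data.child('members/'+auth.uid).exists()",
      processes: {
        $process: {
          firepad: {
            history: { ".read": true },
            checkpoint: { ".read": true }
          }
        }
      }
    }
  }
};

// Walk the tree and report every .read/.write that is unconditionally true.
// Grants cascade downward and a deeper rule can grant what a shallower one
// withheld, so such a rule opens its subtree to any client, signed in or not.
function findOpenGrants(node, path = "", guard = {}, out = []) {
  const here = { ...guard };
  for (const op of [".read", ".write"]) {
    const expr = node[op];
    if (expr === undefined) continue;
    if (expr === true || String(expr).trim() === "true") {
      // guard[op] is the nearest conditional ancestor rule this grant widens
      out.push({ path: path || "/", op, widens: guard[op] || null });
    } else {
      here[op] = { path: path || "/", expr };
    }
  }
  for (const [key, child] of Object.entries(node)) {
    if (!key.startsWith(".") && child && typeof child === "object") {
      findOpenGrants(child, `${path}/${key}`, here, out);
    }
  }
  return out;
}

for (const f of findOpenGrants(editRules)) {
  const over = f.widens ? `${f.widens.path}: ${f.widens.expr}` : "no ancestor rule";
  console.log(`${f.op} open at ${f.path} (widens ${over})`);
}
```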