Firebase security rules to check unique value

[Stephan van Heest]

Hello,

I'm creating an app witch allows the user to collect website site data.

The data must be unique and I want to use the Firebase Security rules to enforce this.

The data is being storred like this:

{

  "sites" : {

    "-Ja9Nmx03OT3QT19YGpd" : {

      "name" : "Site 1"

    },

    "-Ja9No_bm8Vsf5yI-eu_" : {

      "name" : "Site 2"

    },

    "-Ja9NtOlZVrDtulW-1du" : {

      "name" : "Site 3"

    },

    "-Ja9NtmBYodvCohWOsNA" : {

      "name" : "Site 4"

    },

    "-Ja9OLdpDtzjcSvdbczG" : {

      "name" : "Site 5"

    },

    "-Ja9OLxrEwQ8Q-rB6ogx" : {

      "name" : "Site 6"

    }

  }

}

I've setup the following Firebase security rules:

{

    "rules": {

      ".read": true,

      

      "sites":{

        ".read": true,

        

        "$sites_id":{

          ".write": true,

          ".validate":"!data.exists()"

          

        }

      }      

    }

}

The problem is that the data will still be added even tho it is duplicate data.

{

  "sites" : {

    "-Ja9Nmx03OT3QT19YGpd" : {

      "name" : "Site 1"

    },    

    "-Ja9OLxrEwQ8Q-rB6ogx" : {

      "name" : "Site 2"

    },

    "-Ja9Qsu55iMZqJ1fnT3V" : {

      "name" : "Site 2"

    }

  }

}

I've read the documentation several times but I can't seem to find the correct way of doing this.

Can someone help me solve this issue?

Thanks

[Jacob Wenger]

Hey Stephan,

I don't think there is an way to enforce what you want via our Security and Firebase Rules and the way you have your data structured. The !data.exists() check simply ensures that existing data is not null. It does not check other sibling nodes and verify that their data is not duplicated.

If you want to ensure certain data, say a site name, is unique, you should use the site name as the actual key name for your data. So your data would look like this:

{

  "sites" : {

    "Site 1" : {

      ...

    },    

    "Site 2" : {

      ...

    },

    "Site 3" : {

      ...

    }

  }

}

Now you can add a rule which ensures that the key name does not already exist:

{

    "rules": {

      "sites":{

        ".read": true,

        

        "$sites_id":{

          ".write": true,

          ".validate":"!data.exists()"

        }

      }      

    }

}

Also, I notice you are nesting ".read": true rules. Note that .read and .write rules are ANDed together. This means that if a .read is true at ANY level in the hierarchy, not just the lowest level. Make sure you understand that security rules cascade.

Hope that help!

Jacob

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Justin Noel]

Stephan,

As Jacob mentioned, you can use the site name to be the key for your "sites" entries.  

When I first started using Firebase, I found myself trying to deal with things like this as well.  I wasn't grasping this because I thought "pushing" to a table was the way to do everything.  When you push, you get that unique ID.  I finally realized that the solution was to use "set" instead of push for many of these cases.  

Example : 

var ref =new Firebase("yourfirebase").child('site 1').set({ item1 : 'hello'});

The only concern with this is with special characters.  Firebase can't have keys that have special characters like ".".  So, if you were putting email addresses in, you need to use some mechanism to replaces those special characters with a replacement string.  Then, you need to remember to query with the replacement string.

http://stackoverflow.com/questions/19350486/how-to-authenticate-escaped-email-based-user-accounts-in-firebase

Hope that helps,

Justin

[Alexander Ivanov ✔]

Hi there

I do not fully understand why this technique is unattainable? Many of the API returns for us

uid {
    id: 'site 1' // there is an unique value
}

Why not? Is this feature Firebase?

Cheers!

[Tom Larkworthy]

Hi Alexander,

Push ids are client side generated and are unique. For a technical explanation of the technology, see https://www.firebase.com/blog/2015-02-11-firebase-unique-identifiers.html 

Push ids are used when you use ref.push(obj), see https://www.firebase.com/docs/android/guide/saving-data.html

Hope that helps.

Tom

--

You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/2eaa3439-edbb-4ac5-9111-2f31ffad046d%40googlegroups.com.

[Alexander Ivanov ✔]

Hi Tom.

Thank you! Exactly this question interests me.

But I can use only REST so I'm a little confused.

I have a data like this

root

---+ phones

   |---+ uid

       |---- number

       |---- group uid

       |---- some data else

In each group uid I have to have unique number. I don't yet have good ideas.

Thanks again. Alexander.

[Kato Richardson]

Alexander, this email thread is about using security rules to enforce unique IDs, not about creating records with unique IDs. Please ask your questions in a new thread rather than repurposing old discussions.

Your questions are covered in the REST Guide. I'd recommend giving it a read. You're looking for POST.

☼, Kato

--

You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/e8bd9293-ee97-4258-b32e-9a1dd40dc44b%40googlegroups.com.