1

I want to scan the database while registering a user to check if a certain 'username' is available or taken. I tried it using this code:

mDatabase.child("usernames").addValueEventListener(new ValueEventListener() {
                                @Override
                                public void onDataChange(DataSnapshot dataSnapshot) {
                                    if (dataSnapshot.getValue() != null) {
                                        if (dataSnapshot.getValue() == uniqueUserName.getText().toString()) {
                                            Snackbar snackbar = Snackbar
                                                    .make(coordinatorLayout, "Username already taken", Snackbar.LENGTH_SHORT);
                                            snackbar.show();
                                        } else {
                                            signingUpMethod();
                                        }
                                    } else {
                                        signingUpMethod();
                                    }
                                }

                                @Override
                                public void onCancelled(DatabaseError databaseError) {

                                }
                            });

But got this log:

W/SyncTree: Listen at /unique-usernames failed: DatabaseError: Permission denied

After doing some research, I find this answer: Firebase Permission denied Error

Current security rules:

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

Though it solves the problem, this solution might be handy in testing phase, but what when publishing the app? Please let me know.

Community
  • 1
  • 1
Hammad Nasir
  • 2,889
  • 7
  • 52
  • 133

2 Answers2

3

For this situation you can simply extend your current rules to give everyone read access to your usernames like this:

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null",
    "unique-usernames": {
        ".read": true
    }
  }
}

Also check out the security docs for more info because you can do a lot more with your security rules.

André Kool
  • 4,880
  • 12
  • 34
  • 44
  • hmm... well, would this be safe for security purposes? – Hammad Nasir Oct 04 '16 at 12:13
  • Yes, people can only read what is under "unique-usernames" if they are not yet authenticated, they won't be able to read anything else in your dtabse. Also because there isn't a write rule they won't be able to change anything when they are not authenticated. And i also suggest you take some time to read the docs to see what possibilities you have withing the security rules. – André Kool Oct 04 '16 at 12:15
  • @HammadNasir Also you can test your rules in the simulator, there is a button in the top right corner of your rules screen in the firebase console. – André Kool Oct 04 '16 at 12:19
  • hey, bro.. please help with this too: http://stackoverflow.com/questions/39859960/i-want-to-store-the-opened-rooms-chat-by-clicking-on-different-buttons-at-diffe – Hammad Nasir Oct 04 '16 at 19:40
0

In Firebase best way is to Authorize the using Firebase Authentication and the for getting the list of users you have to maintain your database when user is registered successully using its Firebase Realtime Database. You can't maintain Authorized user list using only Firebase Realtime Database

Lalit Poptani
  • 67,150
  • 23
  • 161
  • 242
  • please help with this too: http://stackoverflow.com/questions/39859960/i-want-to-store-the-opened-rooms-chat-by-clicking-on-different-buttons-at-diffe – Hammad Nasir Oct 04 '16 at 19:41