Tags: python, firebase, firebase-storage, firebase-security, pyrebase

Firebase Storage permission keeps being denied


My Firebase Storage rule is now set as follows:

rules_version = '2';

// Craft rules based on data in your Firestore database
// allow write: if firestore.get(
//    /databases/(default)/documents/users/$(request.auth.uid)).data.isAdmin;
service firebase.storage {
  match /b/{bucket}/o {
    match /user/{userId}/{allPaths=**} {
      allow read,write: if request.auth.uid == userId;
    }
  }
}

And my Python code for uploading an image is:

        self.storage.child(self.uid + '/'+fNameonServer+'.png').put(self.path_here + '/dummy.png')

And here is the error message that I am seeing.

  File "C:\Users\bboyc\PycharmProjects\turtle\.venv\turtle_main.py", line 1140, in uploadImage
    self.storage.child(self.uid + '/'+fNameonServer+'.png').put(self.path_here + '/dummy.png')
  File "C:\Users\bboyc\PycharmProjects\turtle\.venv\lib\site-packages\pyrebaselite\pyrebaselite.py", line 464, in put
    raise_detailed_error(request_object)
  File "C:\Users\bboyc\PycharmProjects\turtle\.venv\lib\site-packages\pyrebaselite\pyrebaselite.py", line 511, in raise_detailed_error
    raise HTTPError(e, request_object.text)
requests.exceptions.HTTPError: [Errno 403 Client Error: Forbidden for url: https://firebasestorage.googleapis.com/v0/b/jost-19f5e.appspot.com/o?name=lKIp1f9k05RmwP6CRWo6qT2Bcir1/imgJustice.png] {
  "error": {
    "code": 403,
    "message": "Permission denied."
  }
}

I think it should be a storage rule error, since this code worked when the storage rule was only about the date, but it does not work even when the rule has no regulation. The problem is that I cannot understand what is wrong with this rule. I want to make storage accessible only if the user is logged in.


Solution

  • Your security rules match object paths with the following pattern:

    /user/{userId}/{allPaths=**}

    But your code isn't using /user in the prefix at all, so the rule would not allow the write to happen.

    You should change your code to match the rule, or change the rule to match your code. If you changed your code, it might look like this:

    self.storage.child('/user/' + self.uid + '/'+fNameonServer+'.png')
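
The mismatch described in the answer can be checked offline. The following is an added example, not part of the original question or answer: a simplified Python model of the rule's path pattern and condition (not Firebase's own rules evaluator; `compile_pattern` and `is_allowed` are hypothetical names), run against the object path from the error URL.

```python
import re

# Pattern and condition copied from the rules shown on this page.
RULE_PATTERN = "/user/{userId}/{allPaths=**}"

def compile_pattern(pattern):
    """Turn a rules path pattern into a regex (simplified model)."""
    parts = []
    for seg in pattern.strip("/").split("/"):
        m = re.fullmatch(r"\{(\w+)(=\*\*)?\}", seg)
        if m and m.group(2):      # {name=**}: remainder of the path, slashes included
            parts.append(f"(?P<{m.group(1)}>.+)")
        elif m:                   # {name}: exactly one path segment
            parts.append(f"(?P<{m.group(1)}>[^/]+)")
        else:                     # literal segment such as "user"
            parts.append(re.escape(seg))
    return re.compile("/" + "/".join(parts))

def is_allowed(object_path, auth_uid):
    """Evaluate `request.auth.uid == userId` for one object path.
    auth_uid is None when the request carries no ID token."""
    m = compile_pattern(RULE_PATTERN).fullmatch("/" + object_path.lstrip("/"))
    if m is None:
        return False, "no match block covers this path (default deny)"
    if auth_uid is None:
        return False, "request.auth is null (unauthenticated request)"
    if auth_uid != m.group("userId"):
        return False, "request.auth.uid differs from userId in the path"
    return True, "allowed"

if __name__ == "__main__":
    uid = "lKIp1f9k05RmwP6CRWo6qT2Bcir1"  # uid visible in the error URL above
    cases = [
        (f"{uid}/imgJustice.png", uid),                  # path the question's code used
        (f"user/{uid}/imgJustice.png", uid),             # path after the suggested change
        (f"user/{uid}/imgJustice.png", None),            # same path, no ID token sent
        (f"user/{uid}/imgJustice.png", "someOtherUid"),  # constructed second user
    ]
    for path, who in cases:
        print(path, who, is_allowed(path, who))
```

Only the second case is allowed: the path must start with `user/`, and the request must carry an ID token whose uid equals the `{userId}` segment.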