Firebase multi-path update - Permission denied -

i have been trying add rules firebase database few days error keeps poping , can't find wrong.

there error :

firebase warning: update @ / failed: permission_denied

permission_denied: permission denied

i searched solutions , found related post (permission denied error during multiple update on firebase). seems displayed error not right. though got because had no rights set on root path ('/'), according post, not problem.

i tried set 3 'write' rules 'true' , works, guess problem must in rules.

see below code.

angular service:

let event = {     "title": "title"     "uid": "fzon4aeqgknnrlhqmh7zwynhttp1" }  let uid = this.authservice.fbuser.uid; let eventid = this.db.list('eventsdata').push(undefined).key;  let updateobject = {}; updateobject[`eventdata/${eventid}`] = event; updateobject[`userevents/${uid}/${eventid}`] = true; updateobject[`eventguests/${eventid}/${uid}`]= {   attendance: 2 // , other data };  return this.db.object('/').update(updateobject); 

data hierarchy:

{   "eventdata" : {     "-kptonew3mkrfaclnqa6" : { //some data equal 'event' object in above angular service }   },   "eventguests" : {     "-kptonew3mkrfaclnqa6" : {       "fzon4aeqgknnrlhqmh7zwynhttp1" : { // data }     }   },   "userevents" : {     "fzon4aeqgknnrlhqmh7zwynhttp1" : {       "-kptonew3mkrfaclnqa6" : true     }   },   "users" : {     "fzon4aeqgknnrlhqmh7zwynhttp1" : { //some data }   } } 

firebase rules : (i removed '.read' rights make code cleaner not part of problem)

{   "rules": {     "eventdata": {       "$eventid": {         // event owner can update data         // old > ".write": "auth.uid == data.child('uid').val()"         // new         ".write": "(newdata.child('uid').val() == auth.uid) && (!data.exists() || data.child('uid').val() == auth.uid)"       }     },     "eventguests": {       "$eventid": {         "$uid": {           // event owner can add event           // actual user can modify attendance             ".write": "(auth.uid == root.child('eventdata').child($eventid).child('uid').val() ) || (auth.uid == $uid && data.exists() && newdata.exists())"         }       }     },     "userevents": {       "$uid": {         "$eventid": {             // event owner can add event someone's list           ".write": "auth.uid == root.child('eventdata').child($eventid).child('uid').val()"         }       }     }   } } 

thanks taking !

update :

since correction of bug frank, ran new tests.

i did update not in multi-path way, 1 one, commenting ones did not want run. in addition, tried static values.

let updateobject = {}; updateobject[`eventdata/-kpu9op4_s3jcetav6xn`]= {     "title": "title"     "uid": "fzon4aeqgknnrlhqmh7zwynhttp1" }; return this.db.object('/').update(updateobject); 

then :

let updateobject = {}; updateobject[`userevents/${uid}/-kpu9op4_s3jcetav6xn`]= true; return this.db.object('/').update(updateobject); 

and :

let updateobject = {}; updateobject[`eventguests/-kpu9op4_s3jcetav6xn/${this.authservice.fbuser.uid}`]= {   attendance: 2 // , other data }; return this.db.object('/').update(updateobject); 

the 3 of them worked.

but when run code using multi-path (3 @ same time), still permission denied error.

a first mistake seems in /eventdata/$event:

".write": "auth.uid == data.child('uid').val()"  

since data existing data @ location, i'm pretty sure rule fail when there no existing data.

more want:

(newdata.child('uid').val() == auth.uid) &&  (!data.exists() || data.child('uid').val() == auth.uid)