Why can't I change the priority of my link to Firebase (Permission denied)

In my Firebase , I have an object that looks like this:

person
---- name
---- age

      

When I try to create it for the first time, I use this command:

firebaseRef.child("person").setValue(...)

      

This works great.

Sometimes I want to create this entry with priority and it can be done like this:

firebaseRef.child("person").setValue(..., myPriority)

      

This works great.

However, the priority must be updated later. I tried the following:

firebaseRef.child("person").setPriority(myPriority)

      

Unfortunately this fails with the "Permission denied" error message. Why is this?

The safety rules for this link are as follows:

"person": {
    ".read": true,
    ".write": true,
    "name": { ".validate": "newData.isString()" }
    "age": { ".validate": "newData.isNumber()" }
    "$other": { ".validate": false }
}

      

As you can see, node is read and written.

+3


source to share


1 answer


Problem:

The reason for the "permission denied" error is obviously in the security rules.

The problem is that the priority is stored in a "hidden" property .priority

, which is rarely mentioned in the documentation.

This property does not appear in Firebase Forge (dashboard), but it can be seen when exporting raw JSON.

Now the directive "$other": { ".validate": false }

does not allow checking any property other than name

and age

. Therefore, the "Permit Denied" error occurs.

However, I don't know why this object can be written in the first place when used setValue(..., myPriority)

. This should also throw an error.



Solution (half way):

It now seems obvious to add a new directive to the security rules that looks like this:

".priority": { ".validate": true }

      

But it doesn't work. Firebase Forge's answer:

Key names can't contain ".", "#", "$", "/", "[", or "]" (unbound names start with "$")

      

This means that we cannot properly solve this problem. We have to tweak our existing security rules with one flaw: the rule has "$other": { ".validate": false }

to be removed when we want to update the priorities, leaving us with a flawed check.

+3


source







All Articles