I have a NSFW system where it checks the document if it is NSFW and if it is it updates the document field isNSFW to true. That works just fine but now I wanted to not show those documents to all users via settings a rule instead of querying it out.
This is what I have but it's not working...
javascript
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.uid != null;
}
}
match /users/{user} {
allow read: if true;
}
match /docs/{doc} { // THIS HERE
allow read: if resource.data.isNSFW == false;
}
}
I tried adding request. before the resource and it still didn't work.
UPDATE:
javascript
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// match /{document=**} {
// allow read, write: if request.auth.uid != null;
// }
match /users/{user} {
allow read: if currentUser().uid != null;
}
match /docs {
allow read: if existingData().users[currentUser().uid] == false;
}
match /docs/{doc} {
allow write: if currentUser().uid != null;
}
}
// MARK - Funcs ---------------
function existingData() {
return resource.data
}
function incomingData() {
return request.resource.data
}
function currentUser() {
return request.auth
}
function isSignedIn() {
return request.auth != null;
}
}
Getting error:
Listen for Query(docs where users.`40S88coPQObEWSeiYMZIJlIKJkI2` == false order by __name__) failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
If you are using Firebase Datastore, you can simply query 1
your data:
var myDB = db.collection("YOUR-DB-COLLECTION");
var query = myDB.where("isNSFW", "==", false);
If you are using GCP datastore, you do it this other way 2:
const query = datastore
.createQuery('YOUR-COLLECTION')
.filter('isNSFW', '=', false);
Your matches are not nested correctly. They should be inside the block that starts with match /databases/{database}/documents. Also, you should strongly consider removing the match on /{document=**} because that will let everyone read any document in the database if they're logged in, ignoring all other rules.
Related
I am trying to set the location of a user by using GeoFire's setLocation but I am getting a permission denied error.
String uid = (Provider.of<UserData>(context, listen: false).uid);
print(uid);
bool? response = await Geofire.setLocation(uid, location.latitude ?? 0.0, location.longitude ?? 0.0);
print(response);
Here is the output:
I/flutter (23479): z9jbb4W9gvbfkOt9mnPhsJBNxSX2
I/TAG (23479): setLocation
W/RepoOperation(23479): setValue at /users/z9jbb4W9gvbfkOt9mnPhsJBNxSX2 failed: DatabaseError: Permission denied
I/flutter (23479): false
Here are my gradle files:
android/build.gradle
dependencies {
implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
implementation 'com.android.support:multidex:1.0.3'
implementation 'com.google.firebase:firebase-core:16.0.0'
implementation 'com.google.firebase:firebase-auth:16.0.1'
implementation 'com.google.firebase:firebase-database:12.0.1'
implementation 'com.google.firebase:firebase-storage:12.0.1'
implementation 'com.google.firebase:firebase-appcheck:16.0.0'
implementation 'com.firebase:geofire-android:2.3.1'
}
app/build.gradle
dependencies {
classpath 'com.android.tools.build:gradle:4.1.0'
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
classpath 'com.google.gms:google-services:4.0.1'
}
and here are my database rules on firestore:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
match /users/{userId}/{documents=**} {
allow read, write: if request.auth != null && request.auth.uid == userId;
}
}
}
I have tried setting the rules to True for everything and still get the same error.
The database structure is like so:
suppliers(collection)>user_email(document)
customers(collection)>user_email(document)>foo(field)
And the current firestore.rules is like so:
match /databases/{database}/documents {
//Base rule - fully restrictive
match /{document=**} {
allow read, write: if false;
}
//Checks if user is registered in the suppliers section
function isSupplierTeam(request) {
return exists(/suppliers/$(request.auth.token.email));
}
// Supplier self-data access
match /suppliers/{email} {
allow read, write: if request.auth.token.email == email;
}
match /suppliers/{email}/{document=**} {
allow read, write: if request.auth.token.email == email;
}
// Checking the Customer Sub-Section
match /customers/{email} {
allow read, write: if request.auth.token.email == email || isSupplierTeam(request);
}
match /customers/{email}/{document=**} {
allow read, write: if request.auth.token.email == email || isSupplierTeam(request);
}
}
And the query run in javascript, when logged in as a "supplier" is:
db.collection("customers").get()
.then((querySnapshot) => {
querySnapshot.forEach((doc) => {
console.log(doc.id);
console.log(doc.data());
});
})
.catch((error) => {
console.log("Error getting documents: ", error);
});
It doesn't seem to work and instead triggers a missing/insufficient permission error. How should I tweak my firestore.rules to allow suppliers to access the customer data?
So this works:
//Checks if user is registered in the suppliers section
function isSupplierTeam(request) {
return exists(/databases/$(database)/documents/suppliers/$(request.auth.token.email));
}
It seems like the full "URL" is needed to access the relevant firestore document.
I am trying to save data in MongoDB. I want to store unique data when data is not null. However, I want to allow multiple null values in the unique identifier.
My sample schema:
#Schema()
export class Contact extends Document {
#Prop({ unique: true, sparse: true, require: true })
email: string;
#Prop({ default: '+1' })
countryCode: string;
#Prop({ unique: true, sparse: true })
mobile: string;
}
In this case, a mobile number is not required. User can add their contact information with or without providing a mobile number. If the user sends their mobile number that should be unique. So, I need to allow multiple null values in the mobile field. However, that field should be unique when the user provides any mobile number.
Empty entries seem to get the value null so every entry without mobile crashes with the unique identifier.
Is there any way to solve this problem either from the database layer or the application layer?
I am using NestJS for developing my API.
A unique index still does not allow multiple docs with a field of null. You need to transform your data payload by dropping the null field before you save your docs in MongoDB. A transform pipe will help you to handle this issue. Here is a transform pipe that you can use for this purpose:
#Injectable()
export class NullValidationPipe implements PipeTransform {
private isObj(obj: any): boolean {
return typeof obj === 'object' && obj !== null;
}
private dropNull(values) {
Object.keys(values).forEach((key) => {
if (!(key === 'password' || key === '_id')) {
if (this.isObj(values[key])) {
values[key] = this.dropNull(values[key]);
} else if (Array.isArray(values[key]) && values[key].length > 0) {
values[key] = values[key].map((value) => {
if (this.isObj(value)) {
value = this.dropNull(value);
}
return value;
});
} else {
if (values[key] === null || values[key] === undefined) {
delete values[key];
}
}
}
});
return values;
}
transform(values: any, metadata: ArgumentMetadata) {
const { type } = metadata;
if (type === 'param' || type === 'custom') return values;
else if (this.isObj(values) && type === 'body') {
return this.dropNull(values);
}
throw new BadRequestException('Validation failed');
}
}
Use this pipe in the controller and this pipe will drop all incoming null fields which will come with the request payload.
You can also check nest pipe transform docs: https://docs.nestjs.com/techniques/validation
I am new to using firebase and ios development in general. I am having an issue with adding user's info to the firestore database even though they are being added as authenticated users. Any Suggestions?
Auth.auth().createUser(withEmail: email, password: password) { (result, err) in
if err != nil {
self.errorLabel.text = "Error Creating User"
self.errorLabel.alpha = 1
} else {
let db = Firestore.firestore()
db.collection("users").addDocument(data: ["firstname":firstname, "lastname":lastname, "uid":result!.user.uid]) { (error) in
if error != nil {
self.errorLabel.text = "error saving user data"
self.errorLabel.alpha = 1
}
}
self.transitionScreens()
}
}
}
}
Change your code to the following:
// Add a new document with a generated ID
var ref: DocumentReference? = nil
ref = db.collection("users").addDocument(data: [
"firstname": firstname,
"lastname": lastname,
"uid": result!.user.uid
]) { err in
if let err = err {
print("Error adding document: \(err)")
} else {
print("Document added with ID: \(ref!.documentID)")
}
}
Using this print statement print("Error adding document: \(err)") you can know exactly what the error is.
Also change your security rules to the following:
// Allow read/write access to all users under any conditions
// Warning: **NEVER** use this rule set in production; it allows
// anyone to overwrite your entire database.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}
Check out the following different rules you can give access to users depending on the data
service cloud.firestore {
match /databases/{database}/documents {
//allows all users to read and write, but dangerous as any one can flood your database
match /public_collection/{document=**} {
allow read, write: if true;
}
//only read access
match /public_read_collection/{document=**} {
allow read: if true;
allow write: if false;
}
//prefered for storing users personal info, users can access only their data
match /users/{userId} {
allow read, write: if request.auth.uid == userId;
}
//any authenticated user can access or write data
match /posts/{documentId} {
allow read, write: if request.auth.uid != null;
}
}
}
Is it possible in Firestore to define an index with a unique constraint? If not, how is it possible to enforce uniqueness on a document field (without using document ID)?
Yes, this is possible using a combination of two collections, Firestore rules and batched writes.
https://cloud.google.com/firestore/docs/manage-data/transactions#batched-writes
The simple idea is, using a batched write, you write your document to your "data" collection and at the same write to a separate "index" collection where you index the value of the field that you want to be unique.
Using the Firestore rules, you can then ensure that the "data" collection can only have a document written to it if the document field's value also exists in the index collection and, vice versa, that the index collection can only be written to if value in the index matches what's in the data collection.
Example
Let's say that we have a User collection and we want to ensure that the username field is unique.
Our User collection will contain simply the username
/User/{id}
{
username: String
}
Our Index collection will contain the username in the path and a value property that contains the id of the User that is indexed.
/Index/User/username/{username}
{
value: User.id
}
To create our User we use a batch write to create both the User document and the Index document at the same time.
const firebaseApp = ...construct your firebase app
const createUser = async (username) => {
const database = firebaseApp.firestore()
const batch = database.batch()
const Collection = database.collection('User')
const ref = Collection.doc()
batch.set(ref, {
username
})
const Index = database.collection('Index')
const indexRef = Index.doc(`User/username/${username}`)
batch.set(indexRef, {
value: ref.id
})
await batch.commit()
}
To update our User's username we use a batch write to update the User document, delete the previous Index document and create a new Index document all at the same time.
const firebaseApp = ...construct your firebase app
const updateUser = async (id, username) => {
const database = firebaseApp.firestore()
const batch = database.batch()
const Collection = database.collection('User')
const ref = Collection.doc(id)
const refDoc = await ref.get()
const prevData = refDoc.data()
batch.update(ref, {
username
})
const Index = database.collection('Index')
const prevIndexRef = Index.doc(`User/username/${prevData.username}`)
const indexRef = Index.doc(`User/username/${username}`)
batch.delete(prevIndexRef)
batch.set(indexRef, {
value: ref.id
})
await batch.commit()
}
To delete a User we use a batch write to delete both the User document and the Index document at the same time.
const firebaseApp = ...construct your firebase app
const deleteUser = async (id) => {
const database = firebaseApp.firestore()
const batch = database.batch()
const Collection = database.collection('User')
const ref = Collection.doc(id)
const refDoc = await ref.get()
const prevData = refDoc.data()
batch.delete(ref)
const Index = database.collection('Index')
const indexRef = Index.doc(`User/username/${prevData.username}`)
batch.delete(indexRef)
await batch.commit()
}
We then setup our Firestore rules so that they only allow a User to be created if the username is not already indexed for a different User. A User's username can only be updated if an Index does not already exist for the username and a User can only be deleted if the Index is deleted as well. Create and update will fail with a "Missing or insufficient permissions" error if a User with the same username already exists.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// Index collection helper methods
function getIndexAfter(path) {
return getAfter(/databases/$(database)/documents/Index/$(path))
}
function getIndexBefore(path) {
return get(/databases/$(database)/documents/Index/$(path))
}
function indexExistsAfter(path) {
return existsAfter(/databases/$(database)/documents/Index/$(path))
}
function indexExistsBefore(path) {
return exists(/databases/$(database)/documents/Index/$(path))
}
// User collection helper methods
function getUserAfter(id) {
return getAfter(/databases/$(database)/documents/User/$(id))
}
function getUserBefore(id) {
return get(/databases/$(database)/documents/User/$(id))
}
function userExistsAfter(id) {
return existsAfter(/databases/$(database)/documents/User/$(id))
}
match /User/{id} {
allow read: true;
allow create: if
getIndexAfter(/User/username/$(getUserAfter(id).data.username)).data.value == id;
allow update: if
getIndexAfter(/User/username/$(getUserAfter(id).data.username)).data.value == id &&
!indexExistsBefore(/User/username/$(getUserAfter(id).data.username));
allow delete: if
!indexExistsAfter(/User/username/$(getUserBefore(id).data.username));
}
match /Index/User/username/{username} {
allow read: if true;
allow create: if
getUserAfter(getIndexAfter(/User/username/$(username)).data.value).data.username == username;
allow delete: if
!userExistsAfter(getIndexBefore(/User/username/$(username)).data.value) ||
getUserAfter(getIndexBefore(/User/username/$(username)).data.value).data.username != username;
}
}
}
[Its not a perfect solution but working]
I have done this unique key using key...
I want my table to be having unique date value. so i made it key of my document.
Any way i am able to get all documents
db.collection('sensors').doc(sensorId).collection("data").doc(date).set(dataObj).then(() => {
response.send(dataObj);
});
What about doing a Transaction to first check if there are documents with the same value in this unique field, and only create the document if the result is empty.
As an example, creating a User with username as unique field:
type User = {
id?: string
username: string
firstName: string
lastName: string
}
async function createUser(user: User) {
try {
const newDocRef = db.collection('Users').doc()
await db.runTransaction(async t => {
const checkRef = db.collection('Users')
.where('username', '==', user.username)
const doc = await t.get(checkRef)
if (!doc.empty) {
throw new FirebaseError('firestore/unique-restriction',
`There is already a user with the username: '${user.username}' in the database.`
)
}
await t.create(newDocRef, user)
})
console.log('User Created')
} catch (err) {
if (err instanceof FirebaseError) {
console.log('Some error in firebase')
//Do something
} else {
console.log('Another error')
//Do whatever
}
}
}
Is this code ok or am I missing something?.
This is possible using a transaction, where a reading must be made to find out if another document uses the unique value.
IMPORTANT: Transaction has to be done using a Firestore server library to ensure blocking on concurrent operations (https://firebase.google.com/docs/firestore/transaction-data-contention#transactions_and_data_contention)
I did several tests simultaneously using Cloud Functions simulating delays and it worked great. See an example:
const result = await admin.firestore().runTransaction(async (t) => {
const personsRef = admin.firestore().collection("persons").where('email', '==', data.email)
const query = await t.get(personsRef);
if (query.docs.length > 0) {
throw new functions.https.HttpsError('permission-denied', `email ${data.email} already exists`);
}
const newPersonRef = admin.firestore().collection("persons").doc();
t.set(newPersonRef, {name: data.name, email: data.email});
return "update success";
}
In this example it is guaranteed that two people cannot use the same email in the inclusion (the same should be done for email changes).
Based on the documentation from this section https://cloud.google.com/firestore/docs/manage-data/add-data#set_a_document
You can simply add a custom identifier when adding document object to a collection as shown below:
const data = {
name: 'Los Angeles',
state: 'CA',
country: 'USA'
};
// Add a new document in collection "cities" with ID 'LA'
const res = await db.collection('cities').doc('LA').set(data);
Using this https://cloud.google.com/firestore/docs/manage-data/add-data#node.js_4 as a reference when you use set as a method on your collection you can be able to specify an id for such document when you need to auto-generate an id you simply use the add method on your collection