Reputation: 9389
Security Rule "hasChild() || true" resolving to false?
For some reason the following security rule is resolving to false when I try to write an object without the property that should be verified in .hasChild(newData.child('ownerId').val()). The property isn't mandatory, so I'm up to accept a write without it.
"pizza": {
"$pizzaId": {
".write": "root.child('users').hasChild(newData.child('ownerId').val()) || true"
}
}
Thus, I'm getting a PERMISSION_DENIED when running something like the code bellow:
firebase.database().ref(`pizza/peperoneID`).set({
extraPepe: true
});
I know that I can fix it by just going with (newData.child('ownerId').exists() && .hasChild(...)) || true but I'm really trying to understand why the first option isn't enough.
Upvotes: 1
Views: 543
Answers (1)
Reputation: 58420
If there is no ownerId, you'll be passing null when you call hasChild.
That'll effect an error and that error will see your rule fail - so the trailing || true is ineffectual.
Upvotes: 1
Related Questions
- Firebase database rule - Check for initial child values
- Firebase security rule for data in same child
- Firebase realtime database security rule get child name
- Firebase on child added works even security rule denies the create object
- Firebase Database rules ignore child rule
- Firebase security rules to check unique value of a child #AskFirebase
- Database rule allowing to list children with read access
- Firebase security rules ensure children conditional
- Firebase security rules, setting a children not readable?
- firebase security rules child() expects a string error