Debugging security rules for Cloud Firestore

Question

I am setting up security rules for my Google Cloud Firestore database. I am trying to allow deletion of a document only if its timestamp value is more than 30 days in the past using the following logic:

allow delete: if
   resource.data.locked == false
   && (request.time - resource.data.timeStamp).seconds > 2592000;

When I try this I get Error: Missing or insufficient permissions. So, first question - am I going about this wrong or is my logic flawed?

And as a followup question, is there a way to debug rules? Perhaps a console.log equivalent whereby I can see the result of conditional rules as they are applied and check that I'm not submitting a string in place of a timestamp or anything daft like that?

I'm assuming that request.time is 'now' and that my resource.data.timeStamp is correct and that one minus the other returns a Duration and that thatDuration.seconds is returning a number but I'm a newb to this and any one of those assumptions could be wrong and it would be great to be able to see these values as they are processed.

Cheers all

Answer 1

There's now a local emulator to help debug Firestore rules. It won't allow you to step through the rules like a "real" debugger, but it'll at least give you more flexibility to test and verify which rules are broken.

Answer 2

I am not checked, please try something like this

request.time < resource.data.timeStamp + duration.value(30, "d");

And your second question, i don't know. There is no simulator like in Realtime database. Remember its still in beta.