CODEWITHSUNDEEP
firebasegoogle-cloud-firestorefirebase-security
Eric Larson
Eric Larson

Reputation: 519

Firestore Security Rules Failing Because They're Too Long

It appears my security rules are failing because they're too long. The two rules that are commented out cause the whole rule set to fail, but when run together in isolation, they both run successfully. Is there a limit I'm hitting that I'm unaware about?

match /transactions/{transactionId} {

    allow create, update: if
                    isSignedIn() &&
                    validateTransactionSchema() &&

                    // Succeeds when these rules are left out.
                    // These rules succeed on their own, but not when combined with others
                    // (incomingData().categoryId == null || categoryExists(incomingData().categoryId)) &&
                    // (incomingData().payeeId == null || payeeExists(incomingData().payeeId)) &&

                    accountExists(incomingData().accountId) &&
                    isBudgetOwner() &&
                    isPremium();

    function validateTransactionSchema() {
        return incomingData().keys().hasAll(['transactionDate', 'accountId', 'payeeId', 'categoryId', 'splits', 'memo', 'amount', 'cleared', 'locked']) &&
                                incomingData().size() == 9 &&
                                incomingData().transactionDate is timestamp &&
                                incomingData().accountId is string &&
                                (incomingData().payeeId == null || incomingData().payeeId is string) &&
                                (incomingData().categoryId == null || incomingData().categoryId is string) &&
                                incomingData().splits is list &&
                                (incomingData().memo == null || incomingData().memo is string) &&
                                incomingData().amount is number &&
                                incomingData().cleared is bool &&
                                incomingData().locked is bool;
    }
}

function isSignedIn() {
    return request.auth != null;
}

function isPremium() {
    return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isPremium == true;
}

function isBudgetOwner() {
    return get(/databases/$(database)/documents/budgets/$(budgetId)).data.userId == request.auth.uid;
}

function categoryExists(categoryId) {
    return exists(/databases/$(database)/documents/budgets/$(budgetId)/categories/$(categoryId));
}

function accountExists(accountId) {
    return exists(/databases/$(database)/documents/budgets/$(budgetId)/accounts/$(accountId));
}

function payeeExists(payeeId) {
    return exists(/databases/$(database)/documents/budgets/$(budgetId)/payees/$(payeeId));
}

function incomingData() {
    return request.resource.data;
}

Upvotes: 0

Views: 346

Answers (1)

FrancoisR
FrancoisR

Reputation: 51

The limit exposed by Bob Snyder has been raised to 10. This should help your situation. As per: https://firebase.googleblog.com/2018/06/announcing-firestore-security-rules.html

Upvotes: 1

Related Questions