I'm working on setting up validaton rules for a Firebase data structure, created using the Bolt compiler.
I'm currently having the Bolt statement below:
path /sharedEvents/{share} is Boolean[] {
read() { isMailOfCurrentUser( share ) }
create() { isOwnerOfEvent( ...) } //NOT YET CORRECT!
delete() { isOwnerOfEvent( prior(...) } //NOT YET CORRECT!
}
With this, I'm trying to achieve that:
Only users having a mail corresponding to the key of 'share' are allowed to read the data (they use this date to retrieve the key of events shared with them.
Only the owner of an event is able to add/remove the key for his event to the list of shared events.
This second point is where I'm running into trouble -I'm not able to create the create/delete rules- since I have no idea how to reference the keys of the boolean values in the validation rule...
Example data in Firebase for the above bolt statement:
sharedEvents
ZW5kc3dhc0BldmVyeW1hMWwuYml6
-BDKBEvy-hssDhKqVF5w: true
-FDKBEvy-hsDsgsdsf5w: true
-ADBEvy-hfsdsdKqVF5w: true
aXQnc251bWJlcnNAbWExbDJ1LnVz
-KBEvy-hsDhH6OKqVF5w: true
To clarify the needs on this example:
Only user with mail 'ZW5kc3dhc0BldmVyeW1hMWwuYml6' is able to read the three nested childs.
Only the owner of event '-BDKBEvy-hssDhKqVF5w' should be able to create/delete this value. (the same for the other event key/boolean pairs).
My question: is this setup going to work (and how to setup the create/delete rules)? Or is this not going to work and should I rethink/structure the data?
Any help is appreciated!
-----------------OUTPUT JSON FILE------------------------------------------
The question above has been answered, this section is showing the resulting json
"sharedEvents": {
"$share": {
".read": "<removed for readability>",
"$event": {
".validate": "newData.isBoolean()",
".write": "<removed for readability>"
}
}
},
Thanks again for your quick support!
You'll need a nested path statement to handle the restriction on the events (the nodes under /sharedEvents/$mail/$eventid). I quickly prototyped with this JSON structure:
{
"events": {
"-ADBEvy-hfsdsdKqVF5w": {
"name": "Event 1",
"ownerMail": "aXQnc251bWJlcnNAbWExbDJ1LnVz"
},
"-BDKBEvy-hssDhKqVF5w": {
"name": "Event 2",
"ownerMail": "aXQnc251bWJlcnNAbWExbDJ1LnVz"
},
"-FDKBEvy-hsDsgsdsf5w": {
"name": "Event 3",
"ownerMail": "aXQnc251bWJlcnNAbWExbDJ1LnVz"
},
"-KBEvy-hsDhH6OKqVF5w": {
"name": "Event 3",
"ownerMail": "ZW5kc3dhc0BldmVyeW1hMWwuYml6"
}
},
"sharedEvents": {
"ZW5kc3dhc0BldmVyeW1hMWwuYml6": {
"-ADBEvy-hfsdsdKqVF5w": true,
"-BDKBEvy-hssDhKqVF5w": true,
"-FDKBEvy-hsDsgsdsf5w": true
},
"aXQnc251bWJlcnNAbWExbDJ1LnVz": {
"-KBEvy-hsDhH6OKqVF5w": true
}
},
"userMails": {
"peter": "aXQnc251bWJlcnNAbWExbDJ1LnVz",
"puf": "ZW5kc3dhc0BldmVyeW1hMWwuYml6"
}
}
And came up with these rules:
path /sharedEvents/{share} {
read() { isMailOfCurrentUser(share) }
}
path /sharedEvents/{share}/{event} is Boolean {
create() { isOwnerOfEvent(event) }
delete() { isOwnerOfEvent(prior(event)) }
}
isMailOfCurrentUser(share) { true }
getMailOfCurrentUser(uid) { root.ownerMails.uid }
getEventOwnerMail(event) { root.events.event.ownerMail }
isOwnerOfEvent(event) { getMailOfCurrentUser(auth.uid) == getEventOwnerMail(event) }
Ignoring any mistakes on my end, this should be the basics of the authorization structure you're looking for.
Related
I want to add links to some related entities and collection, without all property data in one response, only the Link.
For unterstanding I structure the Question in some parts
Simple example of data Model
Order
Order->AddressFrom (Entity)
Order->PackageItems (Collection)
Which is the wright HAETOAS way to generate links or how to name entities in response.
First question: How to link address, double in entity name and links part and how to nam?
{
"_embedded":{
"orders":[
{
"id":"id",
"addressLinkFrom":{
"href":"link"
},
"_links":{
"self":{
"href":"link"
},
"addressFrom":{
"href":"d"
}
}
}
]
}
}
or
"addressFrom":{
"href":"link"
},
"_links":{
...
}
or
or
"addressFrom":{
"self":{
"href":"link"
}
},
"_links":{
...
}
Second: How to link collection to specific and not all entities
{
"_embedded":{
"orders":[
{
"id":"id",
"packageItemIds":[
{
"href":"link"
},
{
"href":"link"
}
]
}
]
}
}
or
"packageItemIds":[
{
"self:"{
"href":"link"
}
}]
Third: How is the right format for (update, post), which I have to parse, like the address, where I'm sending the ID or like the packageItems, where I sending the link.
{
"id":"id",
"addressFrom":{
"id":"12345"
}
"packageItems":[
{
"href":"link"
},
{
"href":"link"
}
]
}
For your information, as frontend Client I'm using lagoshny /
ngx-hateoas-client,
when someone has their extra information beside the HAETOAS standard, how is the best way, please tell me.
Thanks for your help.I want to add links to some related entities and collection, without all data in one response.
Using Firestore Security rules, I was wondering if there is anyway to directly view a parent document using path? For example, for any path in a subcollection, I would want to do the following:
match /myRootCollection/{myRootDoc=**} {
allow write: if request.path.split('/')[0] === "myRootDoc1":
}
I understand I can also just have the reference of myRootDoc1 in the subcollection's documents as so:
{
myRootCollection: {
{myRootDoc1}: {
mySubCollection: {
{mySubCollectionDoc1}: {
name: "someUser0",
parent: "myRootDoc1",
},
{mySubCollectionDoc2}: {
name: "someUser1",
parent: "myRootDoc1",
},
{mySubCollectionDoc3}: {
name: "someUser2",
parent: "myRootDoc1",
},
}
{myRootDoc2}: {
mySubCollection: {
{mySubCollectionDoc1}: {
name: "someUser3",
parent: "myRootDoc2",
},
{mySubCollectionDoc2}: {
name: "someUser4",
parent: "myRootDoc2",
},
{mySubCollectionDoc3}: {
name: "someUser5",
parent: "myRootDoc2",
},
}
}
}
}
Here, I would be able to read the mySubCollectionDocs if they are under a specific parent. The above works because I have the field directly in each doc, but is it possible to just read a mySubCollectionDoc and get its parent using path from Firestore Security without the specified field?
If I am able to, how would I able to query using node.js (as Firebase protects against any potential leaky queries)?
Thanks in advance.
Try this:
match /myRootCollection/{myRootDoc}/mySubCollection/{id} {
allow write: if myRootDoc == "xxx";
}
I am using Drupal 8 JSON:API to expose data to my Gatsby site. I have built a GraphQL query to expose a list of "officers" which contains a field with a relationship to a set of "service periods". The data returned by the API is correct, but I would like to filter for only one specific child record (service period) and can not figure out how to do that. My query is:
officerList: allGroupContentLodgeGroupNodeOfficer(filter: {relationships: {entity_id: {relationships: {field_position: {elemMatch: {relationships: {field_service_period: {drupal_internal__tid: {eq: 203}}}}}}}}}) {
edges {
node {
r: relationships {
entity_id {
r: relationships {
field_position {
r: relationships {
field_position {
name
}
field_service_period {
name
drupal_internal__tid
}
}
}
}
title
}
}
}
}
}
}
The resulting JSON set is:
"data": {
"officerList": {
"edges": [
{
"node": {
"r": {
"entity_id": {
"r": {
"field_position": [
{
"r": {
"field_position": {
"name": "Governor"
},
"field_service_period": {
"name": "2018 - 2019",
"drupal_internal__tid": 203
}
}
},
{
"r": {
"field_position": {
"name": "Junior Past Governor"
},
"field_service_period": {
"name": "2019 - 2020",
"drupal_internal__tid": 204
}
}
}
]
},
"title": "Tom Jones"
}
}
}
}
]
}
}
}
I understand the resulting set is correct because the child is within the root. However, I can not see how to filter the full query to include only certain child records. Is this even possible? I have seen some implementations of GraphQL that seem to allow filters to be placed on children, but I don't think this is possible in Gatsby.
I have searched everywhere for possible solutions and have been banging my head against the wall for a few days. Any insight is GREATLY appreciated!
TIA!
I have a database containing a structure similar to the one shown below. Since I am not allowed to make it public I am using the following keys:
i = {0,1,2,3....}
All a(i) represent single key/value pairings e.g. userName: "awesome"
With the below structure, every time a User wants to create new Stuff these are the steps I currently take
Store images to FIRStorage and retrieve their respective downloadURL
Then I add the Stuff to FIRDatabase. At this point I add all of the info related to a(i) because they're all under a single child; Stuff.UUID, hence I send one huge dictionary consisting of the data.
The issue arises in adding data to the mini-dictionaries. Because they are in different paths, I have to individually make requests to all of them as shown below
I then add location info
Followed by the respective child of timeStamp
The images information is next to be updated
Subscribe the User to respective Stuff.UUID
Lastly add the User.UUID to the members portion of Stuff
Is it possible to reduce steps 3-7?
As a follow up, is it possible to add values into different paths with one call?
PS: Link to what the code of the above demo might look like. Due to confidentiality stuff I am not allowed to post the actual code.
{
"Users":
{
"JglJnGDXcqLq6m844pZ":
{
a(0),
a(1),
a(2),
a(3),
a(4),
a(5),
"Stuff":
{
"fcWpzduhpPn8XR6Zqca": true,
"gfntTr6TkDwZ439jkW8": true
}
}
},
"Stuff":
{
"fcWpzduhpPn8XR6Zqca":
{
a(0),
a(1),
a(2),
a(3),
a(4),
a(5),
a(6),
a(7),
"location":
{
"latitude":"-17.41439",
"longitude":"-5.85170"
},
"timestamp":
{
"created":
{
a(0),
a(1),
a(2),
a(3),
a(4),
a(5),
},
"lastModified":
{
a(0),
a(1),
a(2),
a(3),
a(4),
a(5),
}
},
"images":
{
"B4FaR6wfJAeXqJ29T33":
{
"imageURL": "https://google.com"
}
},
"members":
{
"JglJnGDXcqLq6m844pZ": true,
"DpHAfrqL4eqbR8QNgHg": true
}
}
}
}
I store my data on Firebase with the format
{
"list": [
"id created by Firebase": {
"foo": "bar"
},
"another id created by Firebase": {
"foo": "bar"
},
...
]
}
I would like to create an index on foo, using Firebase Rules.
However, according to Firebase doc, I need to know the specific ID created by Firebase to put in the rules specification.
Does anyone know of a way to get around this?
You don't need to know the specific ID, that wouldn't be possible. You simply need to have an .indexOn rule on the parent node. https://www.firebase.com/docs/security/guide/indexing-data.html
{
"rules": {
"list": {
".indexOn": ["foo"]
}
}
}
If you need to add additional rules for the children, then you add those normally like so:
{
"rules": {
"list": {
".indexOn": ["foo"],
"$item": {
"foo": {
".validate": "newData.isString()"
}
}
}
}
}