-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configure firebase rules #36
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have had a lot of trouble getting the rules set up as we need them. They are powerful, but really can't handle our special requirements, such as allowing anyone to increment purchase URI click counts.
At time of writing, I've left them in the best state I can, but naturally they will allow a few things we don't want to allow.
Requirements
I'll ignore managing users as they work separately to all this.
If you are logged in, you must be able to:
If you are not logged in, you must be able to:
Audit logs must never be updated.
Problems
Some of the rules depend on specific values in the record, and which fields are being populated/updated.
The rules are such that if a rule returns "true", you can't have a more specific rule that overturns that and returns false.
It seems to be hard to test in a generic rule whether or not you're creating an auditLog.
The rule simulator is very hard to use. Eg you can't save your tests. You need to perform about 15 different tests to know the rules are working correctly.
Notes
For audit logs, I was trying to do this to say, "You can only create records, and you can only do it if either you're logged in or the userType is 'anonymous'", but it didn't seem to work:
The text was updated successfully, but these errors were encountered: