firebase - Cloud functions seem to bypass validation rules, but it shouldn't -


    "connections-guests":{       "$user_id":{         "$to_user_id":{           ".validate": "             !root.child('/connections/' + $user_id + '/' + $to_user_id).exists()           ",           "score": {               ".validate": "newdata.val() * -1 <  now"           },           "$other": { ".validate": false }         }         }     }, 

apparently, on cloud functions, when create connections-guests node, it's successful, regardless of .validate.

however, in simulator (write: true root) , validation rule respected.

most accessing database using admin sdk within cloud functions code. when initialize admin sdk default settings runs full privilege , indeed bypasses security rules.

if don't want run administrative privilege, can either initialize admin sdk run @ lower privilege, or can access database through event.data.ref, runs user triggered function.


Comments

Popular posts from this blog

angular - DownloadURL return null in below code -

meteor - inserting data to database gives error "insert failed: Method '/texts/insert' not found" -