Dates comparison causing Firestore security rules issue

After running the query shown below, I encountered a permission-denied message with an error in the "Monitor rules" tab.

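import { useMemo } from "react";
import { Timestamp, query, where, orderBy, limit } from "firebase/firestore";

// postRef is the posts collection reference, defined elsewhere in the component.
const timeNow = useMemo(() => Timestamp.now(), []);
// Named postsQuery so the constant does not shadow the imported query() function.
const postsQuery = query(
  postRef,
  where("tags", "array-contains-any", ["Event"]),
  where("publishDate", "<=", timeNow),
  orderBy("publishDate", "desc"),
  limit(4)
);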

Upon further investigation, I identified that the issue stemmed from the security rules section:

service cloud.firestore {
  match /databases/{database}/documents {
    match /posts/{postID}{
      allow read: if resource.data.publishDate <= request.time;
    }
  }
}

I experimented by adjusting the rule to resource.data.publishDate != null, which returned true and allowed the request. However, altering it to resource.data.publishDate is timestamp resulted in a denial.

This leaves me questioning whether there's an error in the query itself or if I overlooked something within the security rules?

Answer №1

Using request.time for a range check in security rules is not feasible. Additionally, the Timestamp.now() token only functions when updating a document field and cannot be effectively used in a range filter.

The current rule will only be effective when retrieving a single document. It checks whether the date in the document field is less than or equal to the current time.

I am unaware of any immediate solutions. To address this issue, you may need to develop backend code that ensures the query filter always restricts the date range, with your application calling the backend to retrieve the data.

Answer №2

Your security rules syntax seems to be in good shape. I ran a simulation on my end to verify it. https://i.stack.imgur.com/VSzeT.png

It appears that the publishDate field in your document may not actually be in timestamp format, but rather storing a different type of value as a string. I discovered that the security rules will throw an error message if we attempt to compare request.time with a value other than a timestamp.

Therefore, I suggest updating the rule to:

if resource.data.publishDate is timestamp && resource.data.publishDate <= request.time;

https://i.stack.imgur.com/b8N90.png
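The following is an added example, not code from the question or either answer: a simplified local model (not Firestore's evaluator) of the rule expressions discussed above, run against constructed documents. FakeTimestamp, RULES, evaluate and diagnose are hypothetical names; the model assumes, as Answer №2 reports, that comparing a non-timestamp with request.time is an evaluation error and that an error denies the request.

```javascript
// Simplified model of the page's rule expressions; FakeTimestamp is an assumed stand-in.
class FakeTimestamp {
  constructor(millis) { this.millis = millis; }
}
const isTs = (v) => v instanceof FakeTimestamp;

// Each rule returns true/false, or throws to model a rules evaluation error.
const RULES = {
  // resource.data.publishDate <= request.time
  original: (doc, now) => {
    if (!isTs(doc.publishDate)) {
      throw new TypeError("cannot compare a non-timestamp with request.time");
    }
    return doc.publishDate.millis <= now.millis;
  },
  // resource.data.publishDate != null
  notNull: (doc) => doc.publishDate !== null,
  // resource.data.publishDate is timestamp
  isTimestamp: (doc) => isTs(doc.publishDate),
  // resource.data.publishDate is timestamp && resource.data.publishDate <= request.time
  guarded: (doc, now) => isTs(doc.publishDate) && doc.publishDate.millis <= now.millis,
};

// An evaluation error denies the request, the same as a false result.
function evaluate(ruleName, doc, now) {
  try {
    return RULES[ruleName](doc, now) ? "allow" : "deny";
  } catch {
    return "deny (error)";
  }
}

// Constructed sample data: request time plus three documents.
const NOW = new FakeTimestamp(Date.parse("2024-01-10T00:00:00Z"));
const SAMPLE_DOCS = {
  pastTimestamp: { publishDate: new FakeTimestamp(Date.parse("2024-01-01T00:00:00Z")) },
  futureTimestamp: { publishDate: new FakeTimestamp(Date.parse("2024-02-01T00:00:00Z")) },
  stringDate: { publishDate: "2024-01-01T00:00:00Z" }, // date stored as a string
};

// Outcome of every rule variant for every sample document.
function diagnose() {
  const table = {};
  for (const [name, doc] of Object.entries(SAMPLE_DOCS)) {
    table[name] = {};
    for (const rule of Object.keys(RULES)) table[name][rule] = evaluate(rule, doc, NOW);
  }
  return table;
}
console.table(diagnose());
```

The stringDate row reproduces what the question reports: the != null variant allows the read while the is timestamp variant and the original comparison both deny it.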
