Dates comparison causing Firestore security rules issue

After running the query shown below, I encountered a permission-denied message with an error in the "Monitor rules" tab.

const timeNow = useMemo(() => Timestamp.now(), []);
const query = query(
    postRef,
    where("tags", "array-contains-any", ["Event"]),
    where("publishDate", "<=", timeNow),
    orderBy("publishDate", "desc"),
    limit(4)
  );

Upon further investigation, I identified that the issue stemmed from the security rules section:

service cloud.firestore {
  match /databases/{database}/documents {
    match /posts/{postID}{
      allow read: if resource.data.publishDate <= request.time;
    }
  }
}

I experimented by adjusting the rule to 

resource.data.publishDate != null
, which returned true and allowed the request. However, altering it to 
resource.data.publishDate is timestamp
resulted in a denial.

This leaves me questioning whether there's an error in the query itself or if I overlooked something within the security rules?

javascriptfirebasegoogle-cloud-firestorenext.jsfirebase-security

Answer №1

Using request.time for range check in security rules is not feasible. Additionally, the Timestamp.now() token only functions when updating a document field and cannot be effectively used in a range filter.

The current rule will only be effective when retrieving a single document. It checks whether the date in the document field is less than or equal to the current time.

I am unaware of any immediate solutions. To address this issue, you may need to develop backend code that ensures the query filter always restricts the date range, with your application calling the backend to retrieve the data.

Answer №2

Your security rules syntax seems to be in good shape. I ran a simulation on my end to verify it. https://i.stack.imgur.com/VSzeT.png

It appears that the publishDate field in your document may not actually be in timestamp format, but rather storing a different type of value as a string. I discovered that the security rules will throw an error message if we attempt to compare request.time with a value other than a timestamp.

Therefore, I suggest updating the rule to: 

if resource.data.publishDate is timestamp && resource.data.publishDate <= request.time;

https://i.stack.imgur.com/b8N90.png

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

The execution of a function in PHP is determined by the data passed from Angular

I've encountered a new challenge while working on web development and would greatly appreciate some assistance. Currently, I have several buttons that need to execute different functions when clicked, such as ng-click='loadA', ng-click=&apos ...

javascriptphpjqueryangularjs

Choosing an option beforehand using angular-ui-select2 version 0.0.5

I'm struggling with setting a default option in a select2 dropdown using Angular and an ng-model. Here's my implementation: Angular controller code snippet $scope.filter = { searchValue: '', departmentId: 'Department2' } ...

javascriptangularjsangular-uiui-select2

Facing difficulties in Angular 8 while trying to import firestore and firebase for an authentication system

While attempting to implement Firestore/Firebase functionalities for Google OAuth signin, I encountered an error indicating that Firebase is not imported: https://i.sstatic.net/oL4rY.png CODE: ERROR in node_modules/@angular/fire/auth/auth.d.ts:4:28 - er ...

javascriptangularfirebasegoogle-cloud-firestore

What could be preventing my map function from successfully displaying API data on the browser?

Having trouble finding the correct path to map over nested data in my console. I need an Image component for each product in the array. https://i.stack.imgur.com/3nSj1.png Attempting to map over the object shown in the image below. Here is the async functi ...

reactjsfunctionnext.jsfetch-apireact-query

Navigating from production lines to the angular directive - what's the best route?

Can anyone advise on the proper method to initialize a variable with factory data in Angular? The current approach I'm using doesn't seem right to me. Am I doing it wrong? $scope.result = []; factoryCities.then(function(data){ $scope.result ...

javascriptangularjsfactory

Looking to update this jQuery pop-up menu script to be compatible with Ajax functionality

I came across this script at The issue arises when the script is called multiple times, resulting in a cascade of pop-outs within pop-outs. I am currently exploring ways to prevent the execution of the script if the pop-out has already been set. Below is ...

javascriptjqueryajax

`Animate your divs with slide in and slide out effects using

Currently, I am in the process of replicating a website and facing some challenges. This site is my inspiration for the project. I have managed to create a sliding effect using CSS, making the div slide in and out from the same direction. However, I want ...

javascripthtmlcss

What is the process for printing with JQuery?

I have nested divs with dynamically generated images in my HTML code. My problem is that when I click the print button, I want the corresponding image to be printed. <div id="outputTemp" style="display:none"> <div id="rightoutputimgae"> <di ...

javascriptjquery

XPath Selector in Puppeteer version 22.x

Despite poring over the latest Puppeteer v22.x documentation on XPath, I am still struggling to grasp how to effectively utilize XPath in Puppeteer 22.x. My goal is to click on an element that contains the text 'Next'. Here's the HTML snipp ...

javascriptnode.jsweb-scrapingxpathpuppeteer

Deciphering the creation process behind the "WhatsApp Web" front-end page

I'm currently exploring the creation process of the front-end page for WhatsApp Web, specifically focusing on the list of contacts located on the left side (<div id="pane-side">). The contact names within this list are identified by the class "e ...

javascripthtmlcss

TypeScript compiler encountering issue with locating immutable.js Map iterator within for of loop

I am currently facing a challenge with using immutable.js alongside TypeScript. The issue lies in convincing the TypeScript compiler that a Map has an iterator, even though the code runs smoothly in ES6. I am perplexed as to why it does not function correc ...

javascripttypescriptecmascript-6immutable.jstypescript-typings

The Bootstrap navigation pills do not function properly when using a forward slash in the tab link

I am currently working with Bootstrap and using nav pills. I have noticed that if I include a / sign in the link of a tab, it causes that specific tab to malfunction and triggers a JavaScript error in jQuery's own code when clicked on. How can I go ab ...

javascriptjquerytwitter-bootstrapnav-pills

Tween.js - Can you animate a variable using tweens?

Recently, I've been experimenting with three.js and tween.js and I'm curious if it's possible to animate a variable using tweening? Here are some of my attempts: 1) tween = new TWEEN.Tween(renderergl.toneMappingExposure).to( "0.001&qu ...

javascriptthree.jstween.jstweenjs

Error Encountered when Attempting to Retry AI SDK on Vercel's

I've been implementing code from the official AI SDK website but unfortunately, the code is not functioning properly. The error message I'm encountering is: RetryError [AI_RetryError]: Failed after 3 attempts. Last error: Failed to process error ...

javascriptreactjsnext.jsartificial-intelligencevercel

Problems with displaying Wordpress content on your web browser

I am having trouble getting my website content to display properly in a web browser, even though I built it using Wordpress. It appears that only the logo and the 'Services' bar are showing up on the page, while the rest seems to be missing. I s ...

javascriptcsswordpress

Error 422 encountered while trying to create a new asset using the Contentful Content Management API

My attempt to create and publish an image as an asset using the Contentful Content Management API has hit a roadblock. I managed to successfully create and publish an entry, but I can't seem to figure out why creating an asset is not working as expect ...

javascriptreactjscontentfulcontentful-managementcontentful-api

Firefox seems to handle webpages smoothly, whereas IE struggles to display them properly

Check out the code snippet below: self.xmlHttpReq = new XMLHttpRequest(); self.xmlHttpReq.onreadystatechange = function() { if(self.xmlHttpReq.readyState == 4 && self.xmlHttpReq.status == 200) { xmlDoc = self.xmlHttpReq.response ...

javascriptajax

MUI-Datatable rows that can be expanded

I'm attempting to implement nested tables where each row in the main table expands to display a sub-table with specific data when clicked. I've been following the official documentation, but so far without success. Below is a code snippet that I& ...

javascriptreactjsmaterial-uimui-datatable

What is the method for obtaining the most up-to-date JSON GET request URL?

Using JQGrid with search filters and setting loadOnce=false. I perform a search in the grid and observe the JSON request URL in firebug: http://localhost:8080/myapp/items/listGrid?ticketId=&_search=true&nd=1393573713370&rows=20&page=1& ...

javascriptjqueryjsonjqgrid

Notify the user with a Jqgrid alert when they attempt to select multiple checkboxes

When editing rows, I wanted to avoid multiple selections. In order to achieve this, I need to check the condition if(count>1) and display an alert message. I am struggling to figure out how to retrieve the count of selected checkboxes in jqGrid. var m ...

javascriptphpjqueryhtmlajax