geofire-objc icon indicating copy to clipboard operation
geofire-objc copied to clipboard

Published 20 hours ago verified publisher icon firebase

Removal of priority breaks apps using the current security rules with "Permission denied"

Open ghowen opened this issue 6 years ago • 6 comments

The security rules in https://github.com/firebase/geofire-js/blob/master/examples/securityRules/rules.json uses getPriority() to validate a location on write.

By removing priority in https://github.com/firebase/geofire-objc/commit/96f40431d0d0fe3aac66bc0302da6c9cf3ab2f58, the rules now return a "permission denied" on writing a location as the validation of getPriority fails.

Also a version bump would have been nice for this as this would have helped troubleshooting ;)

ghowen avatar Mar 28 '18 16:03 ghowen

@mcdonamp can you update the security rules?

morganchen12 avatar Mar 28 '18 18:03 morganchen12

https://github.com/firebase/geofire-js/commit/6c658461ca07f76254d5f87341caf56ed3d552c9 should do it.

We should probably update JS and Android to no longer use priority as well.

asciimike avatar Mar 28 '18 18:03 asciimike

Rolling back that change since it causes the build to break. We'll need to update JS and Android before we do that. In the mean time, feel free to use Rules like in the commit.

asciimike avatar Mar 28 '18 18:03 asciimike

I am getting the following errors when trying to save the modified security rules (line numbers are a bit off, by they refer to the two lines changed in the commit mentioned by @mcdonamp .

Error saving rules – Line 18: No such method/property 'g'.; Line 22: No such method/property 'g'.

ghowen avatar Mar 29 '18 09:03 ghowen

The rules in my comment in https://github.com/firebase/geofire-js/commit/15238ae198dfad42d4329e7646d2710c335030fc seem to work for me. Maybe they can do the job?

ghowen avatar Mar 29 '18 09:03 ghowen

@ghowen thx for the solution

ghost avatar Apr 08 '18 04:04 ghost