Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Firestore] Data Dropped On Permission Denied #6181

Open
SelaseKay opened this issue Aug 14, 2024 · 2 comments
Open

[Firestore] Data Dropped On Permission Denied #6181

SelaseKay opened this issue Aug 14, 2024 · 2 comments
Assignees
@tom-andersen
Labels
api: firestore type: feature request New feature or request

Comments

@SelaseKay
Copy link

SelaseKay commented Aug 14, 2024
edited
Loading

[READ] Step 1: Are you in the right place?

Issues filed here should be about bugs in the code in this repository.
If you have a general question, need help debugging, or fall into some
other category use one of these other channels:

  • For general technical questions, post a question on StackOverflow
    with the firebase tag.
  • For general Firebase discussion, use the firebase-talk
    google group.
  • For help troubleshooting your application that does not fall under one
    of the above categories, reach out to the personalized
    Firebase support channel.

[REQUIRED] Step 2: Describe your environment

  • Android Studio version: _____ Android Studio Hedgehog | 2023.1.1 Patch 2
  • Firebase Component: _____ (Firestore)
  • Component version: _____ "com.google.firebase:firebase-firestore:25.0.0"

[REQUIRED] Step 3: Describe the problem

I encountered an issue where a device was offline, and the permissions for a Firestore collection were changed. When the device reconnected and tried to upload data, I received a permission error:

2024-08-14 13:05:25.304 12838-12868 Firestore               com...mple.triageflutterfireandroid  W  (25.0.0) [WriteStream]: (ce5a72e) Stream closed with status: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}.

2024-08-14 13:05:25.312 12838-12868 Firestore               com...mple.triageflutterfireandroid  W  (25.0.0) [Firestore]: Write failed at test-collection/j320prNQkghLhwIf0z0j: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}

As a result, the data was never uploaded and got lost permanently.
Ideally, local data should never be removed unless explicitly instructed to do so.

Steps to reproduce:

Run

val firestore = Firebase.firestore

val settings = firestoreSettings {
        setLocalCacheSettings(
            persistentCacheSettings {
                setSizeBytes(FirebaseFirestoreSettings.CACHE_SIZE_UNLIMITED)
            }
        )
}

firestore.firestoreSettings = settings

val collection = firestore.collection("test-collection")

firestore.disableNetwork().addOnCompleteListener {
    val data = hashMapOf(
        "0" to 0,
    )

    collection.add(data)
}

Change the Firestore rules to

rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if false;
    }
  }
}

Wait a few moments for the new rules to take effect.
Run the previous code again but this time, without scoping the collection.add to firestore.disableNetwork().addOnCompleteListener. Also change the collection data to hashMapOf("1" to 0).
Your modified code should look like this:

val firestore = Firebase.firestore

val settings = firestoreSettings {
        setLocalCacheSettings(
            persistentCacheSettings {
                setSizeBytes(FirebaseFirestoreSettings.CACHE_SIZE_UNLIMITED)
            }
        )
}

firestore.firestoreSettings = settings

val collection = firestore.collection("test-collection")


val data = hashMapOf(
  "1" to 0,
)

collection.add(data)

You should get a permission denied error after running the above code.

Then change the rules to:

rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if true;
    }
  }
}

and run the code again but change hashMapOf("1" to 0) -> hashMapOf("2" to 0)

The expect result would be three documents in the "test-collection" collection, with data {"0": 0}, {"1": 0} and {"2": 0}. But when following the above steps, only {"2": 0} actually exists.

This issue is linked to flutterfire
@google-oss-bot
Copy link
Contributor

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

@tom-andersen tom-andersen added the type: feature request New feature or request label Aug 14, 2024
@tom-andersen
Copy link
Contributor

tom-andersen commented Aug 14, 2024
edited
Loading

@SelaseKay Thank you for the clear explanation.

The call to collection.add(data) will return a future that you can listen for success or failure, and thereby implement some error handling logic on your end. This doesn't cover the situation where your app is restarted and persistence is enabled. In that case, the write will be attempted best effort next time the app starts, and will fail or succeed silently.

The API currently doesn't afford tracking of queued writes, so I am marking this a feature request.

To better understand your situation:

Are you looking to attach an error handler within the app?
Do you simply want to monitor or log write errors?
Are you looking for greater control over the write queue, if so, what control do you want?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tom-andersen tom-andersen

Labels
api: firestore type: feature request New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tom-andersen @google-oss-bot @SelaseKay @lehcar09