Firebase ChildEventListener isn't triggered with wildcard rules

Asked Sep 26 '17 at 15:02

Active Sep 27 '17 at 13:39

Viewed 21 times

Title says it all :D

{
"rules": {
    "items": {
    ".write": true,
    "$item": {
        ".read": true
    }
}
}

Now ChildEventListeners on /items aren't triggered anymore, even if every single item should be readable. But if I allow top level read, theres no way to restrict item level read permissions.

Is there any way to get both ChildEventListener and item-level security rules? Thanks for your help!

edited Sep 27 '17 at 13:39

Frank van Puffelen

565,676
79
828
807

asked Sep 26 '17 at 15:02

Zhyano

To be able read from `/items` you must have read permission on `/items`. Since that isn't the case in your rules, a listener on `/items` will be rejected. This is known as [rules are not filters](https://stackoverflow.com/search?tab=votes&q=%5bfirebase%5d%20rules%20are%20not%20filters) and I highly recommend browsing through those questions for an incredibly wealth of experience with this behavior of Firebase. If that doesn't address your question, please add the [minimal, complete code that reproduces the problem](http://stackoverflow.com/help/mcve). – Frank van Puffelen Sep 26 '17 at 15:47
Yeah, thanks for pointing in the right direction! But I've a question: _Why_ exactly shouldn't/can't you use rules as filters, as it would make life much easier, wouldn't it? – Zhyano Sep 26 '17 at 17:06
Okay, scalability... – Zhyano Sep 26 '17 at 17:22
Enforcing document-level security is a lot more resource intensive than enforcing security when the listener is attached. – Frank van Puffelen Sep 26 '17 at 17:42
Okay, thanks for the replies! – Zhyano Sep 26 '17 at 17:47

Firebase ChildEventListener isn't triggered with wildcard rules

0 Answers0