Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Accessing user that doesn't exist results in Firestore rule error #155

Open
1 task done
arkadiuszbachorski opened this issue Oct 5, 2024 · 0 comments
Open
1 task done

Accessing user that doesn't exist results in Firestore rule error #155

arkadiuszbachorski opened this issue Oct 5, 2024 · 0 comments
Assignees
@pauljohanneskraft
Labels
bug Something isn't working

Comments

@arkadiuszbachorski
Copy link
Contributor

Problem

Steps to reproduce

  1. Create a seeded environment
  2. Try getting access to user that doesn't exist, e.g. getDoc(doc(db, "users", "invalid-user-id"))

Firestore's Emulator shows the error happens on line allow 117, but I suppose it's caused by resorce.data.organization read on line 119 isOwnerOrClinicianOf.

Solution

Accessing user that doesn't exist should result with document not found instead of rules error. This allows clients to differentiate between wrong access and plain 404s.

Additional context

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct and Contributing Guidelines
@arkadiuszbachorski arkadiuszbachorski added the bug Something isn't working label Oct 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pauljohanneskraft pauljohanneskraft

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pauljohanneskraft @arkadiuszbachorski