Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

Is it necessary to check if auth.uid is not null if it is already checking for token

byMR
March 11, 2023

Currently

allow read, write: if request.auth.uid != null && request.auth.token.admin == true

Is it okay to do smth like this?

allow read, write: if request.auth.token.admin == true

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel

>Solution :

It’s not necessary as trying to read property token of null (if user is not signed in) will just error out and reject the operation. You’ll find many examples in the documentation that do not check request.ath != null explicitly before request.auth.uid == '---' or any role validation.

request.auth.uid != null is redundant as token will be defined only if user is logged in and the role validation will pass if user is an admin irrespective of user ID.

byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading