Firestore Security Rule:Add data based on timestamp value











up vote
1
down vote

favorite












I want to read or write some data from/to firestore based on a security rule that enforces user to correct his local machine date should be correct ,means neither past nor future.If the client machine time is not correct, he does not have the ability to read or write data;



now i have tried with security rule 



 service cloud.firestore {

 match /databases/{database}/documents {

 match /{document=**} {

  allow read:if true;

  allow create: if (request.resource.data.timestamp == request.time.toMillis());

  }

 }

}


but it always shows a message that permission denied.How can achieve this.?



my code is 



  batch.set(ref, {

    timestamp: new Date().valueOf(),

    name: formData.name ? formData.name.toLowerCase() : null,

    type: formData.type ? formData.type : 'percentage',

    rate: isNaN(formData.rate) ? 0 : Number(formData.rate),

    date1: formData.date1 ? new Date(formData.date1) : null,

    date2: formData.date2 ? new Date(formData.date2) : null,

    time1: formData.time1 ? formData.time1 : null,

    time2: formData.time2 ? formData.time2 : null,

    id: ref.id,

    createdAt: firebase.firestore.FieldValue.serverTimestamp(),

    typeArray,

    enabledDays: dateArray,

    isActive: true,

    isTotalEnabled: formData.dOnTotal,

  });


Thanks in advance






google-cloud-firestore angular6 firebase-security-rules







share|improve this question






















  • request.resource.data.timestamp == request.time.toMillis(). Are you expecting both timestamps to match down to a millisecond? Don't think it's possible (network delay, code execution delay...), you need to give it a bit more breathing space (like 10 - 15 seconds maybe).
    – MrAleister
    17 hours ago












  • How can i give a breathing space? can you please explain it? Or is there any way to check whether the client date is today date or not using firestore security rule?
    – pepe
    17 hours ago










  • Please see my answer. How precise you need to be (seconds, minutes, hours) ? Do you care about time zones ?
    – MrAleister
    17 hours ago

















up vote
1
down vote

favorite












I want to read or write some data from/to firestore based on a security rule that enforces user to correct his local machine date should be correct ,means neither past nor future.If the client machine time is not correct, he does not have the ability to read or write data;



now i have tried with security rule 



 service cloud.firestore {

 match /databases/{database}/documents {

 match /{document=**} {

  allow read:if true;

  allow create: if (request.resource.data.timestamp == request.time.toMillis());

  }

 }

}


but it always shows a message that permission denied.How can achieve this.?



my code is 



  batch.set(ref, {

    timestamp: new Date().valueOf(),

    name: formData.name ? formData.name.toLowerCase() : null,

    type: formData.type ? formData.type : 'percentage',

    rate: isNaN(formData.rate) ? 0 : Number(formData.rate),

    date1: formData.date1 ? new Date(formData.date1) : null,

    date2: formData.date2 ? new Date(formData.date2) : null,

    time1: formData.time1 ? formData.time1 : null,

    time2: formData.time2 ? formData.time2 : null,

    id: ref.id,

    createdAt: firebase.firestore.FieldValue.serverTimestamp(),

    typeArray,

    enabledDays: dateArray,

    isActive: true,

    isTotalEnabled: formData.dOnTotal,

  });


Thanks in advance






google-cloud-firestore angular6 firebase-security-rules







share|improve this question






















  • request.resource.data.timestamp == request.time.toMillis(). Are you expecting both timestamps to match down to a millisecond? Don't think it's possible (network delay, code execution delay...), you need to give it a bit more breathing space (like 10 - 15 seconds maybe).
    – MrAleister
    17 hours ago












  • How can i give a breathing space? can you please explain it? Or is there any way to check whether the client date is today date or not using firestore security rule?
    – pepe
    17 hours ago










  • Please see my answer. How precise you need to be (seconds, minutes, hours) ? Do you care about time zones ?
    – MrAleister
    17 hours ago















up vote
1
down vote

favorite









up vote
1
down vote

favorite











I want to read or write some data from/to firestore based on a security rule that enforces user to correct his local machine date should be correct ,means neither past nor future.If the client machine time is not correct, he does not have the ability to read or write data;



now i have tried with security rule 



 service cloud.firestore {

 match /databases/{database}/documents {

 match /{document=**} {

  allow read:if true;

  allow create: if (request.resource.data.timestamp == request.time.toMillis());

  }

 }

}


but it always shows a message that permission denied.How can achieve this.?



my code is 



  batch.set(ref, {

    timestamp: new Date().valueOf(),

    name: formData.name ? formData.name.toLowerCase() : null,

    type: formData.type ? formData.type : 'percentage',

    rate: isNaN(formData.rate) ? 0 : Number(formData.rate),

    date1: formData.date1 ? new Date(formData.date1) : null,

    date2: formData.date2 ? new Date(formData.date2) : null,

    time1: formData.time1 ? formData.time1 : null,

    time2: formData.time2 ? formData.time2 : null,

    id: ref.id,

    createdAt: firebase.firestore.FieldValue.serverTimestamp(),

    typeArray,

    enabledDays: dateArray,

    isActive: true,

    isTotalEnabled: formData.dOnTotal,

  });


Thanks in advance






google-cloud-firestore angular6 firebase-security-rules







share|improve this question













I want to read or write some data from/to firestore based on a security rule that enforces user to correct his local machine date should be correct ,means neither past nor future.If the client machine time is not correct, he does not have the ability to read or write data;



now i have tried with security rule 



 service cloud.firestore {

 match /databases/{database}/documents {

 match /{document=**} {

  allow read:if true;

  allow create: if (request.resource.data.timestamp == request.time.toMillis());

  }

 }

}


but it always shows a message that permission denied.How can achieve this.?



my code is 



  batch.set(ref, {

    timestamp: new Date().valueOf(),

    name: formData.name ? formData.name.toLowerCase() : null,

    type: formData.type ? formData.type : 'percentage',

    rate: isNaN(formData.rate) ? 0 : Number(formData.rate),

    date1: formData.date1 ? new Date(formData.date1) : null,

    date2: formData.date2 ? new Date(formData.date2) : null,

    time1: formData.time1 ? formData.time1 : null,

    time2: formData.time2 ? formData.time2 : null,

    id: ref.id,

    createdAt: firebase.firestore.FieldValue.serverTimestamp(),

    typeArray,

    enabledDays: dateArray,

    isActive: true,

    isTotalEnabled: formData.dOnTotal,

  });


Thanks in advance






google-cloud-firestore angular6 firebase-security-rules




google-cloud-firestore angular6 firebase-security-rules






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 17 hours ago









pepe

102310




102310












  • request.resource.data.timestamp == request.time.toMillis(). Are you expecting both timestamps to match down to a millisecond? Don't think it's possible (network delay, code execution delay...), you need to give it a bit more breathing space (like 10 - 15 seconds maybe).
    – MrAleister
    17 hours ago












  • How can i give a breathing space? can you please explain it? Or is there any way to check whether the client date is today date or not using firestore security rule?
    – pepe
    17 hours ago










  • Please see my answer. How precise you need to be (seconds, minutes, hours) ? Do you care about time zones ?
    – MrAleister
    17 hours ago




















  • request.resource.data.timestamp == request.time.toMillis(). Are you expecting both timestamps to match down to a millisecond? Don't think it's possible (network delay, code execution delay...), you need to give it a bit more breathing space (like 10 - 15 seconds maybe).
    – MrAleister
    17 hours ago












  • How can i give a breathing space? can you please explain it? Or is there any way to check whether the client date is today date or not using firestore security rule?
    – pepe
    17 hours ago










  • Please see my answer. How precise you need to be (seconds, minutes, hours) ? Do you care about time zones ?
    – MrAleister
    17 hours ago


















request.resource.data.timestamp == request.time.toMillis(). Are you expecting both timestamps to match down to a millisecond? Don't think it's possible (network delay, code execution delay...), you need to give it a bit more breathing space (like 10 - 15 seconds maybe).
– MrAleister
17 hours ago






request.resource.data.timestamp == request.time.toMillis(). Are you expecting both timestamps to match down to a millisecond? Don't think it's possible (network delay, code execution delay...), you need to give it a bit more breathing space (like 10 - 15 seconds maybe).
– MrAleister
17 hours ago














How can i give a breathing space? can you please explain it? Or is there any way to check whether the client date is today date or not using firestore security rule?
– pepe
17 hours ago




How can i give a breathing space? can you please explain it? Or is there any way to check whether the client date is today date or not using firestore security rule?
– pepe
17 hours ago












Please see my answer. How precise you need to be (seconds, minutes, hours) ? Do you care about time zones ?
– MrAleister
17 hours ago






Please see my answer. How precise you need to be (seconds, minutes, hours) ? Do you care about time zones ?
– MrAleister
17 hours ago














1 Answer
1






active

oldest

votes

















up vote
1
down vote



accepted










request.resource.data.timestamp == request.time.toMillis(). Give it a bit more leeway (10 s for example): 



math.abs(request.resource.data.timestamp - request.time.toMillis()) < 10000;





share|improve this answer








New contributor




MrAleister is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.


















  • thanks for your answer.if the leeway time is more than that of we mentioned,we can't make any read/write operation.How can we overcome this scenario?
    – pepe
    17 hours ago










  • I'm afraid I don't understand. Judging by the example of rules you gave, you dont want to allow write operation if record timestamp does not match server time. My example calculates absolute difference between two timestamps (in milliseconds) and check if its smaller than some leeway const. If not - there will be no write allowed (permission denied error). Please be aware this is not taking into account timezone differences (as I assume your record is created by client browser code - not by cloud function)
    – MrAleister
    17 hours ago












  • i applied your answer it perfectly works and i got your points.But it is my curiosity to know that is there any better way rather than this.?
    – pepe
    17 hours ago













Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53371182%2ffirestore-security-ruleadd-data-based-on-timestamp-value%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote



accepted










request.resource.data.timestamp == request.time.toMillis(). Give it a bit more leeway (10 s for example): 



math.abs(request.resource.data.timestamp - request.time.toMillis()) < 10000;





share|improve this answer








New contributor




MrAleister is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.


















  • thanks for your answer.if the leeway time is more than that of we mentioned,we can't make any read/write operation.How can we overcome this scenario?
    – pepe
    17 hours ago










  • I'm afraid I don't understand. Judging by the example of rules you gave, you dont want to allow write operation if record timestamp does not match server time. My example calculates absolute difference between two timestamps (in milliseconds) and check if its smaller than some leeway const. If not - there will be no write allowed (permission denied error). Please be aware this is not taking into account timezone differences (as I assume your record is created by client browser code - not by cloud function)
    – MrAleister
    17 hours ago












  • i applied your answer it perfectly works and i got your points.But it is my curiosity to know that is there any better way rather than this.?
    – pepe
    17 hours ago

















up vote
1
down vote



accepted










request.resource.data.timestamp == request.time.toMillis(). Give it a bit more leeway (10 s for example): 



math.abs(request.resource.data.timestamp - request.time.toMillis()) < 10000;





share|improve this answer








New contributor




MrAleister is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.


















  • thanks for your answer.if the leeway time is more than that of we mentioned,we can't make any read/write operation.How can we overcome this scenario?
    – pepe
    17 hours ago










  • I'm afraid I don't understand. Judging by the example of rules you gave, you dont want to allow write operation if record timestamp does not match server time. My example calculates absolute difference between two timestamps (in milliseconds) and check if its smaller than some leeway const. If not - there will be no write allowed (permission denied error). Please be aware this is not taking into account timezone differences (as I assume your record is created by client browser code - not by cloud function)
    – MrAleister
    17 hours ago












  • i applied your answer it perfectly works and i got your points.But it is my curiosity to know that is there any better way rather than this.?
    – pepe
    17 hours ago















up vote
1
down vote



accepted







up vote
1
down vote



accepted






request.resource.data.timestamp == request.time.toMillis(). Give it a bit more leeway (10 s for example): 



math.abs(request.resource.data.timestamp - request.time.toMillis()) < 10000;





share|improve this answer








New contributor




MrAleister is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









request.resource.data.timestamp == request.time.toMillis(). Give it a bit more leeway (10 s for example): 



math.abs(request.resource.data.timestamp - request.time.toMillis()) < 10000;






share|improve this answer








New contributor




MrAleister is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this answer



share|improve this answer






New contributor




MrAleister is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









answered 17 hours ago









MrAleister

24419




24419




New contributor




MrAleister is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





MrAleister is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






MrAleister is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • thanks for your answer.if the leeway time is more than that of we mentioned,we can't make any read/write operation.How can we overcome this scenario?
    – pepe
    17 hours ago










  • I'm afraid I don't understand. Judging by the example of rules you gave, you dont want to allow write operation if record timestamp does not match server time. My example calculates absolute difference between two timestamps (in milliseconds) and check if its smaller than some leeway const. If not - there will be no write allowed (permission denied error). Please be aware this is not taking into account timezone differences (as I assume your record is created by client browser code - not by cloud function)
    – MrAleister
    17 hours ago












  • i applied your answer it perfectly works and i got your points.But it is my curiosity to know that is there any better way rather than this.?
    – pepe
    17 hours ago




















  • thanks for your answer.if the leeway time is more than that of we mentioned,we can't make any read/write operation.How can we overcome this scenario?
    – pepe
    17 hours ago










  • I'm afraid I don't understand. Judging by the example of rules you gave, you dont want to allow write operation if record timestamp does not match server time. My example calculates absolute difference between two timestamps (in milliseconds) and check if its smaller than some leeway const. If not - there will be no write allowed (permission denied error). Please be aware this is not taking into account timezone differences (as I assume your record is created by client browser code - not by cloud function)
    – MrAleister
    17 hours ago












  • i applied your answer it perfectly works and i got your points.But it is my curiosity to know that is there any better way rather than this.?
    – pepe
    17 hours ago


















thanks for your answer.if the leeway time is more than that of we mentioned,we can't make any read/write operation.How can we overcome this scenario?
– pepe
17 hours ago




thanks for your answer.if the leeway time is more than that of we mentioned,we can't make any read/write operation.How can we overcome this scenario?
– pepe
17 hours ago












I'm afraid I don't understand. Judging by the example of rules you gave, you dont want to allow write operation if record timestamp does not match server time. My example calculates absolute difference between two timestamps (in milliseconds) and check if its smaller than some leeway const. If not - there will be no write allowed (permission denied error). Please be aware this is not taking into account timezone differences (as I assume your record is created by client browser code - not by cloud function)
– MrAleister
17 hours ago






I'm afraid I don't understand. Judging by the example of rules you gave, you dont want to allow write operation if record timestamp does not match server time. My example calculates absolute difference between two timestamps (in milliseconds) and check if its smaller than some leeway const. If not - there will be no write allowed (permission denied error). Please be aware this is not taking into account timezone differences (as I assume your record is created by client browser code - not by cloud function)
– MrAleister
17 hours ago














i applied your answer it perfectly works and i got your points.But it is my curiosity to know that is there any better way rather than this.?
– pepe
17 hours ago






i applied your answer it perfectly works and i got your points.But it is my curiosity to know that is there any better way rather than this.?
– pepe
17 hours ago




















 

draft saved


draft discarded



















































 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53371182%2ffirestore-security-ruleadd-data-based-on-timestamp-value%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Wiesbaden

Image
Wappen Deutschlandkarte 50.0825 8.24 117 Koordinaten: 50° 5′  N , 8° 14′  O Basisdaten Bundesland: Hessen Regierungsbezirk: Darmstadt Höhe: 117 m ü. NHN Fläche: 203,93 km 2 Einwohner: 278.654 (31. Dez. 2017) [1] Bevölkerungsdichte: 1366 Einwohner je km 2 Postleitzahlen: 65183–65207, 55246, 55252 Vorlage:Infobox Gemeinde in Deutschland/Wartung/PLZ enthält Text Vorwahlen: 0611, 06122, 06127, 06134 Kfz-Kennzeichen: WI Gemeindeschlüssel: 06 4 14 000 LOCODE: DE WIB NUTS: DE714 Stadtgliederung: 26 Ortsbezirke Adresse der Stadtverwaltung: Schlossplatz 6 65183 Wiesbaden Webpräsenz: www.wiesbaden.de Oberbürgermeister: Sven Gerich (SPD) Lage der Landeshauptstadt Wiesbaden in Hessen und im Regierungsbezirk Darmstadt Offizielles Logo der Landeshauptstadt Wiesbaden Flagge der Landeshauptstadt Wiesbaden Wiesbaden is
Read more

Marschland

Image
Kilometerweite Marsch in den Vier- und Marschlanden am Elbdeich Die Wedeler Marschlandschaft in Schleswig-Holstein Der Hadelner Kanal zur Entwässerung der Marsch Die tief gelegene Marsch und ein Entwässerungskanal Das Schöpfwerk Otterndorf im Land Hadeln zur Entwässerung der Medem verfügte damals bereits über die größte Kreiselpumpe Europas. Das Schöpfwerk in Neuhaus für die Aue und des Neuhaus-Bülkauer Kanals Als Marsch(land) (v. niederdt., altsächs. mersc ) – auch Masch , Mersch oder Schwemmland genannt – bezeichnet man eine nacheiszeitlich entstandene geomorphologische Landform im Gebiet der nordwestdeutschen Küsten und Flüsse sowie vergleichbare Landformen weltweit. Inhaltsverzeichnis 1 Landschaft 2 Entstehung 3 Marschböden 4 Nutzung 5 Marschgebiete in Deutschland 6 Siehe auch 7 Literatur 8 Weblinks 9 Einzelnachweise Landschaft | Marschen sind generell flache Landstriche ohne natürliche Erhebungen. Si
Read more

Dieringhausen

Image
Dieringhausen Stadt Gummersbach 50.982777777778 7.5316666666667 165 Koordinaten: 50° 58′ 58″  N , 7° 31′ 54″  O Höhe: 165  (160–245)  m Einwohner: 5055  (30. Jun. 2016) Postleitzahl: 51645 Vorwahl: 02261 Lage von Dieringhausen in Gummersbach Im Hohl ca. 1927–1930 Ansicht von Südwesten bei Bünghausen Dieringhausen (im örtlichen Dialekt Dierkesen ) ist ein Ortsteil von Gummersbach im Oberbergischen Kreis, Regierungsbezirk Köln, Nordrhein-Westfalen (Deutschland). Inhaltsverzeichnis 1 Geographie 2 Geschichte 3 Kultur 3.1 Sehenswürdigkeiten 3.2 Regelmäßige Veranstaltungen 4 Infrastruktur und Wirtschaft 4.1 Verkehr 4.1.1 Schienen- und Busverkehr 4.1.2 Straßen 4.2 Öffentliche Einrichtungen 4.2.1 Schulen und Bildungseinrichtungen 4.2.2 Kirchliche Einrichtungen 5 Persönlichkeiten 5.1 In Dieringhausen geboren 5.2 In Dieringhausen gelebt 6 Einzelnachweise 7
Read more