Null values are passed up the hierarchy

[Maradox]

When writing or patching a null value, the null is passed up the hierarchy which causes tests to fail when they should not.

Example:

{
  "rules": {
    "A": {
      "B": {
        "C": {
          ".read": true,
          ".write": true
        }
      }
    }
  }
}

Chai code:

1. expect().can.write({C: 1}).to.path('A/B'); - passes
2. expect().can.write({C: null}).to.path('A/B'); - fails: AssertionError: Expected an unauthenticated user to be able to write `null` to A/B, but the rules denied the write. No .write rule allowed the operation. Write was denied.
3. expect().can.patch({C: 1}).to.path('A/B'); - passes
4. expect().can.patch({C: null}).to.path('A/B'); - passes
5. expect().can.write({B: {C: 1}}).to.path('A'); - passes
6. expect().can.write({B: {C: null}}).to.path('A'); - fails: AssertionError: Expected an unauthenticated user to be able to write `null` to A, but the rules denied the write. No .write rule allowed the operation. Write was denied.
7. expect().can.patch({B: {C: 1}}).to.path('A'); - passes
8. expect().can.patch({B: {C: null}}).to.path('A'); - fails: AssertionError: Expected an unauthenticated user to be able to write `null` to A/B, but the rules denied the write. No .write rule allowed the operation. Write was denied.

[dinoboff]

Hi, which version are your using?

ps: the rules only allow read and write of A/B/C. Anything else than a read of or write to A/B/C. (or patch of A/B with an object having only a C property) would fail:

• 1, 5, 6 and 7 should fail.
• 2, 6 and 8 fail as I would expected.
• 3 and 4 pass as expected.

[dinoboff]

Please reopen if you can provide more details.

[Maradox]

Sorry for the late reply. I used 2.3.3, but I just updated now.

Just to clarify, because maybe I misunderstood the behavior of the patch rule.
Lets say I have a rule which only allows writes to:
A/B/C and A/X/Z
Firebase currently supports multi-location updates, so for example:
root.child("A").update("B: {C: ...}, X: {Z: ...}") does work.

Can this be simulated with a rule using patch?

[dinoboff]

Targaryen support multi-location updates.

Assuming you have the following rules:

{
  "rules": {
    "A": {
      "$foo": {
        "$bar": {
          ".read": true,
          ".write": true
        }
      }
    }
  }
}

Firebase allows something like that:

root.child("A").update({
  "B/C": "something",
  "X/Y": "something"
})

But not:

root.child("A").update({
  B: {C: "something"},
  X: {Y: "something"}
})

At least that how I understand it and how targaryen@3 simulates it.

https://firebase.google.com/docs/reference/js/firebase.database.Reference#update
https://firebase.googleblog.com/2015/09/introducing-multi-location-updates-and_86.html

[Maradox]

Actually this is supported by multi-location updates as far as I know and is also backed by the fact that our setup works in production:
/groupRelations/{uid0}/requests/{uid1} is writeable. Nodes above are not writeable.

Then we do the following:

const updates = {
  [groupId + '/requests/' + userId]: data,
  [userId + '/requests/' + groupId]: data
}
db.ref('groupRelations').update(updates)

[dinoboff]

Please read again what I wrote; Targaryen@3 support multilocation write operations using the patch assertion tests.

The failing operations I pointed out are failing because they are targeting a level without write permissions.

Please check dinoboff@be60fdf for an example.

[Maradox]

I will create an example project to test something I think is not working correctly. I will open a different issue if this is the case.

[dinoboff]

Thanks.