triggers create() even though that node is not being created, subsequently failing on objectAccess === "owner".
Is this expected behavior? I'd expect in this case to skip all of CRUD alltogether and allow the write.
I understand that this may allow certain "probing" of the database by malicious users (to find null values), but it's still counter-intuitive and should likely be documented.
With the following rules:
And database looking like:
There are 2 pitfalls I have encountered so far:
"un-sharing" scenario: writing
triggers
create()
even though that node is not being created, subsequently failing onsharing_accepted_by_receiver == false
;"deleting" scenario: writing
triggers
create()
even though that node is not being created, subsequently failing onobjectAccess === "owner"
.Is this expected behavior? I'd expect in this case to skip all of CRUD alltogether and allow the write.
I understand that this may allow certain "probing" of the database by malicious users (to find
null
values), but it's still counter-intuitive and should likely be documented.