Unsubscribe doesn't prevent a call to firebase (=> permission denied)

[mparpaillon]

Hi, First of all, thanks for this great lib.

Here is my use case: I need the user uid to make a request to firebase so I have 2 nested Observables. One watching for user change (afAuth.authState.subscribe(user => ...)), another one watching for data change (this.db.list('flags/' + user.uid).subscribe(userFlags => ...)). When I sign out, even if I unsubscribe before the signout, the call is still made and I get a permission denied.

I'm pretty sure this is a "angularfire2-offline" issue since everything works fine if I replace my AngularFireOfflineDatabase import by the angularfire2 one AngularFireDatabase.

Thanks a lot

EDIT: Linked issue https://stackoverflow.com/questions/45276430/angularfire2-nested-observables-on-auth-change-and-permission-denied/45367331#45367331

[adriancarriger]

Hi @mparpaillon, there is an undocumented feature called reset that may help solve your issue.

Usage

You can call the method when a user signs out like this:

onUserSignout() {
  this.afoDatabase.reset()
}

Considerations

This will remove all offline data which means if you have writes made while offline they will not complete. This could potentially result in lost data.

Feedback

I would love to get feedback on this feature! I'm waiting to officially document it for the following reasons:

• It is the only method that doesn't line up with the AngularFire2 API (because it's offline specific)
• It may be too easy to accidentally lose data
• It has not yet been thoroughly tested in the wild/received enough feedback

Please let me know what you experience. Thank you! 👍

[mparpaillon]

Thanks adriancarriger, but I don't want to remove all offline datas, only one specific subscribe to avoid a permission denied. I guess the lib should listen to "unsubscribe" calls to avoid an unwanted call like in this example below:

this.subFlags = this.db.list('user_flags/' + user.uid).subscribe(...);
this.subFlags.unsubscribe();

The ref includes the user.uid and a rule on firebase prevents any user to access other user datas like this one. I really want the unsubscribe to prevent from other calls once signed out.

[adriancarriger]

Hi @mparpaillon, you're in luck.. the reset method does accept a string argument that will allow reseting a specific reference like this:

onUserSignout() {
  this.afoDatabase.reset('my/firebase/ref')
}

The reason unsubscribe does not remove offline user data is to support the use case where a developer would like to free up application memory and still have that data available offline in the future.

Hope that solves your issue!

[mparpaillon]

@adriancarriger Works great ! Thanks a lot :)

[mparpaillon]

@adriancarriger Arf, I still have a problem. Do I need to call reset() on each call like object(ref).set(value) or object(ref).remove() ?

Let's say my user, during the time he's logged in, saves 14 values and removes 5 other values, when he signs out, to prevent from getting a "permission denied" do I need to reset 19 ref ??

Is there a way to avoid this ? Is there a way to add a condition to a call ?

If the user has signed out, I don't want the calls including the user.uid to be made, because that gives me a "permission denied" which crashed the app.

[adriancarriger]

With the way it currently works you could:

• Lists - edit any item in a list reference and a single reset('my/list/ref') would do the trick.
• Objects - if it's a user editable area, you could get an object reference to user editable content (e.g. '/users/1') and then you would only need to call reset('users/1').
• Complex - for more complex situations you could save all references that would need to be reset and just loop through those during sign out (this is essentially what happens for the list example)

[mparpaillon]

Ok thank you :)

[adriancarriger]

No problem!