flamelink / flamelink-js-sdk

🦊 Official Flamelink JavaScript SDK for both the Firebase Realtime database and Cloud Firestore
https://flamelink.github.io/flamelink-js-sdk
MIT License

Content .remove() not removing any content #154

Closed Twansparant closed 2 years ago

Twansparant commented 3 years ago

Hi there,

I use Flamelink in combination with Firebase authentication to view/create/update/delete documents in an appUsers schema. I also added custom Firestore security rules as described here: #86.

I add content to the schema with the entryId set to the user's authentication uid. This is all working great, well for the view/create part at least, somehow the delete part does not work.

I'm using the remove function from the Flamelink JavaScript SDK:

import firebase from 'firebase/app';
import 'firebase/auth';
import 'firebase/database';
import 'firebase/firestore'; // needed for dbType: 'cf' and firebaseApp.firestore()
import 'firebase/storage';

import flamelink from 'flamelink/app';
import 'flamelink/cf/content';
import 'flamelink/storage';

const firebaseConfig = {
    // ...my config
};

const firebaseApp = firebase.initializeApp(firebaseConfig);
const flamelinkApp = flamelink({
    firebaseApp,
    locale: 'en-US',
    dbType: 'cf'
});

const handleDelete = async () => {
    const user = firebaseApp.auth().currentUser;
    try {
        await flamelinkApp.content.remove({
            schemaKey: 'appUsers',
            entryId: user?.uid
        });
        console.log('App user removed succesfully');
    } catch (error) {
        console.log(error);
    }
};
handleDelete();

These are my custom security rules. For debugging purposes I temporarily always allowed delete:

// Flamelink custom Security Rules
match /fl_content/{document=**} {
    allow read: if isContentPermitted(resource.data._fl_meta_.schema, 'view', resource.data._fl_meta_.fl_id);
    allow update: if isContentPermitted(request.resource.data._fl_meta_.schema, 'update', request.resource.data._fl_meta_.fl_id);
    allow create: if isContentPermitted(request.resource.data._fl_meta_.schema, 'create', request.resource.data._fl_meta_.fl_id);
    //allow delete: if isContentPermitted(resource.data._fl_meta_.schema, 'delete', resource.data._fl_meta_.fl_id);
    allow delete: if true;
}

No matter what I try, it always logs 'App user removed succesfully', while the entry is still in the Cloud Firestore and the CMS. The user?.uid definitely has the correct value.

What am I missing here? Thanks!

Twansparant commented 3 years ago

I think this is caused by the fact that the fl_id & schema variables are not present in the resource.data object in the view security rule, which apparently is used in the Flamelink remove lookup query.

allow read: if isContentPermitted(resource.data._fl_meta_.schema, 'view', resource.data._fl_meta_.fl_id);

If I set both to true, the remove does work:

allow read, delete: if true;

For now I use the Firebase delete query:

const batch = firebaseApp
    .firestore()
    .batch();

const docs = await firebaseApp
    .firestore()
    .collection('fl_content')
    .where('_fl_meta_.fl_id', '==', user?.uid)
    .where('_fl_meta_.schema', '==', 'appUsers')
    .get();

docs.forEach(doc => {
    batch.delete(doc.ref);
});

await batch.commit()
    .then(() => {
        console.log('App user removed succesfully');
    })
    .catch(error => {
        console.log(error);
    });

Which works with my custom security rules!
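
A defensive variant of the direct Firestore delete above, as an added example that is not part of the original comments or the Flamelink SDK: it treats a lookup that matches no document as an error, so a delete that removed nothing cannot be logged as a success. `removeEntryStrict` and the in-memory `fakeFirestore` stand-in are hypothetical names, and the stand-in and sample data are constructed so the code runs offline.

```javascript
// Added example (not from the issue thread or the Flamelink SDK).
// Deletes the fl_content documents of one entry and fails loudly when the
// lookup matches nothing, instead of reporting success on a no-op.
async function removeEntryStrict(db, schemaKey, entryId) {
  if (!entryId) throw new Error('entryId is required'); // e.g. user?.uid was undefined
  const snapshot = await db
    .collection('fl_content')
    .where('_fl_meta_.fl_id', '==', entryId)
    .where('_fl_meta_.schema', '==', schemaKey)
    .get();
  if (snapshot.empty) {
    throw new Error(`no fl_content document matched ${schemaKey}/${entryId}`);
  }
  const batch = db.batch();
  snapshot.forEach(doc => batch.delete(doc.ref));
  await batch.commit();
  return snapshot.size; // number of documents deleted
}

// Constructed in-memory stand-in for the small part of the Firestore API used
// above (collection/where/get and batch/delete/commit), so this runs offline.
function fakeFirestore(docs) {
  const read = (obj, path) => path.split('.').reduce((o, k) => (o == null ? o : o[k]), obj);
  const query = filters => ({
    where: (path, _op, value) => query([...filters, [path, value]]),
    get: async () => {
      const hits = [...docs.entries()]
        .filter(([, data]) => filters.every(([p, v]) => read(data, p) === v))
        .map(([id]) => ({ ref: id }));
      return { empty: hits.length === 0, size: hits.length, forEach: fn => hits.forEach(fn) };
    },
  });
  return {
    collection: () => query([]),
    batch: () => {
      const pending = [];
      return {
        delete: ref => pending.push(ref),
        commit: async () => pending.forEach(ref => docs.delete(ref)),
      };
    },
  };
}

// Constructed sample data: one entry keyed by a made-up uid.
const sample = new Map([['doc1', { _fl_meta_: { fl_id: 'uid-1', schema: 'appUsers' } }]]);
removeEntryStrict(fakeFirestore(sample), 'appUsers', 'uid-1')
  .then(count => console.log('deleted', count));
```

Against a real project, pass `firebaseApp.firestore()` as `db`; the security rules still decide whether the lookup and the delete are allowed.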

gitdubz commented 3 years ago

Hi @Twansparant

Do you get the entry when you try the following?

const logEntry = async () => {
    const user = firebaseApp.auth().currentUser;
    try {
        const entry = await flamelinkApp.content.get({
            schemaKey: 'appUsers',
            entryId: user?.uid
        });
        console.log(entry);
    } catch (error) {
        console.log(error);
    }
};
logEntry();

Twansparant commented 3 years ago

Yes I do!

gitdubz commented 3 years ago

And just to check, does the authenticated user have permission to delete entries based on their permissions set in Flamelink?

Could you also please share your rule function for isContentPermitted?

gitdubz commented 2 years ago

Closing due to inactivity. Unable to reproduce behavior.