maybeThrowSecurityException method
Future<void>
maybeThrowSecurityException(
- String path,
- Method method
)
Implementation
Future<void> maybeThrowSecurityException(String path, Method method) async {
assert(!path.startsWith('/'));
// Wait for the Streams to have fired so that `auth.add` events reflect in
// time in `authObject`.
await Future.value();
final latestUser = authObject.valueOrNull;
// TODO: populate `request` and `resource`.
// https://firebase.google.com/docs/rules/rules-language#building_conditions
// https://firebase.google.com/docs/reference/rules/rules.firestore.Request
// https://firebase.google.com/docs/reference/rules/rules.firestore.Resource
// `resource` works with get `get` and `exists` custom functions. Enables
// this kinds of expressions:
// `get(/databases/(database)/documents/users/$(request.auth.uid)).data.admin)`
// https://firebase.google.com/docs/rules/rules-language#function
// TODO: populate `auth.firebase.identities`.
// https://firebase.google.com/docs/rules/rules-and-auth
final context = {
'request': {'auth': latestUser}
};
path = 'databases/fake-database/documents/' + path;
if (!securityRules.isAllowed(path, method, variables: context)) {
throw Exception('$method on $path with context $context is not allowed.');
}
}