maybeThrowSecurityException method

Future<void> maybeThrowSecurityException(
  1. String path,
  2. Method method
)

Implementation

Future<void> maybeThrowSecurityException(String path, Method method) async {
  assert(!path.startsWith('/'));

  // Wait for the Streams to have fired so that `auth.add` events reflect in
  // time in `authObject`.
  await Future.value();

  final latestUser = authObject.valueOrNull;
  // TODO: populate `request` and `resource`.
  // https://firebase.google.com/docs/rules/rules-language#building_conditions
  // https://firebase.google.com/docs/reference/rules/rules.firestore.Request
  // https://firebase.google.com/docs/reference/rules/rules.firestore.Resource
  // `resource` works with get `get` and `exists` custom functions. Enables
  // this kinds of expressions:
  // `get(/databases/(database)/documents/users/$(request.auth.uid)).data.admin)`
  // https://firebase.google.com/docs/rules/rules-language#function
  // TODO: populate `auth.firebase.identities`.
  // https://firebase.google.com/docs/rules/rules-and-auth
  final context = {
    'request': {'auth': latestUser}
  };
  path = 'databases/fake-database/documents/' + path;
  if (!securityRules.isAllowed(path, method, variables: context)) {
    throw Exception('$method on $path with context $context is not allowed.');
  }
}