1

What is the best practice to detect when authorization fails due to firebase security rules. For example if the security rules in the firebase database do not allow the current logged in user below to access "/path/to/data" how can it be detected?

<firebase-document
    id="document"
    app-name="notes"
    path="/path/to/data"
    data="{{data}}">
</firebase-document>
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Mario
  • 11
  • 1
  • There is not a great way currently. I'm looking into adding this. – Michael Bleigh Aug 08 '16 at 23:19
  • Thank you for that. I might take a shot at adding that. Do you have a suggestion on how you think that should be implemented? My initital inclination is to add a boolean notify property permissionAllowed and then implement all promises in code that calls the database through the firebase api to set the property to false if PERMISSION_DENIED is received in the error function. For example in the set call in _setFirebaseValue function. – Mario Aug 09 '16 at 22:27
  • I've [got a PR out](https://github.com/firebase/polymerfire/pull/94) that will emit error events when listeners have issues (including `PERMISSION_DENIED`) – Michael Bleigh Aug 10 '16 at 00:57

1 Answers1

1

As of PolymerFire 0.9.5 the document and query elements will emit an "error" event when read access is denied:

<template>
  <firebase-document
      id="document"
      app-name="notes"
      path="/path/to/data"
      data="{{data}}"
      on-error="handleError">
  </firebase-document>
</template>
<script>
  Polymer({
    handleError: function(e, err) {
      // handle the error
    }
  });
</script>
Michael Bleigh
  • 25,334
  • 2
  • 79
  • 85