I'm building a simple data structure and I'm hoping the Firebase security rules can accommodate it.
Right now I'm getting PERMISSION_DENIED for read privileges.
I know you're usually supposed to design your data structure around the security rules but there are very specific reasons for this data structure
So I'd like to try and make the security rules work around it.
Here's the json export of my data:
{
"form" : {
"form" : {
"data" : "Form",
"owner" : "116296988270749049875",
"public" : true
}
},
"users" : {
"116296988270749049875" : {
"data" : "Daniel Murawsky"
}
}
}
And here's what I've got for the security rules so far:
{
"rules": {
"$form":{
"$dataId":{
".read": "data.child('public').val() == true",
".write": "data.child('owner').val() == auth.uid"
}
}
}
}
I've never seen a use case for having two $location variables, one after another, so I can imagine that being the problem. Any input is welcome.
Thanks!
UPDATE
Thanks to Frank's recomendation to use the security simulator (https://.firebaseio.com/?page=Simulator), I quickly figured out the problem with a little bit of play. Thanks Frank!
I didn't understand (even though I read it a dozen times) the concept that Rules Cascade. Once I got it, it was easy.
Related
I'd like to get an overview, for example of all the critical vulnerabilities I have access to view in a GitHub organization.
This answer has allowed me to get a list for a specific repository:
{
repository(name: "repo-name", owner: "repo-owner") {
vulnerabilityAlerts(first: 100) {
nodes {
createdAt
dismissedAt
securityVulnerability {
package {
name
}
advisory {
description
}
}
}
}
}
}
However scanning a large organization manually is just as easy repo-by-repo through the GUI as it is through the API.
Is there a way, preferably in Insomnia, though if not then a CLI version is ok, to get such a list of critical vulnerabilities?
I suspect it can only be done by querying every repo by iterating through the list of all repositories, something like this query I had from something else I was playing with, though was curious if anyone had any other clever solutions to save writing that app:
query{
organization(login: "repo-owner"){
repositories(first: 100){
nodes{
name
}
pageInfo{
hasNextPage
}
}
}
}
I'm unaware of a way to filter for critical vulnerabilities using the GitHub graphql, but you can do something like this:
{
organization(login: "repo-owner") {
repositories(first: 100) {
nodes {
nameWithOwner
vulnerabilityAlerts(first: 10) {
nodes {
securityAdvisory {
severity
}
}
}
}
}
}
}
This will output the severity for every single repository in the repo-owner organization regardless if there is a severity for the repository. I believe with the gh cli tool, you can use Go templates to format the output. For more information on how to use the gh cli tool with Go templating, please refer to the following page.
I see that there is no way to set security rules as preventing "delete and update" for a child.
".write": "!data.exists() && newData.exists() && !newData.exists()"
thats not make sense.
For future reference, the Firebase console lets you test database security rules, so you can find out what works right there before you publish those rules. That being said, if I'm understanding your question correctly, you want to allow users to add to the node, but not delete or update. You'd be looking for something along the lines of:
{
"rules": {
...
"childNodeName": {
".write": "!data.exists()"
}
}
}
You shouldn't need those other two conditions. Not to mention, they will never resolve to true since those conditions cannot be met.
You can also use a wildcard if you need to add multiple children to a path but you don't want the user to modify those children once they've been added:
{
"rules": {
...
"childNodeName": {
"$pushId": {
".write": "!data.exists()"
}
}
}
}
I would like to know if it is possible to access a parameter from a class being instantiated using the create_resources function. I want to use that parameter in other class to conditionally install some things or not.
This is my scenario:
define myResource($myParam) { ... }
create_resources(myResource, $hashResources)
$hashResources = { "MyResource1" : { "myParam" : 1 },
"MyResource2" : { "myParam" : 2 }
}
myFancyPuppetClass($nameOfResource) {
if(******myParam from the resource defined with name $nameOfResource in the same catalog******) { ... }
}
Is this possible? If it is, how can I do the reference? Thank you!
Since the resources you are attempting to create are defined types, and the parameters in a defined resource are not accessible, this is not possible in the latest version of Puppet.
See a previous answer of mine regarding accessing parameters in defined resources for an alternative.
I'm trying to create a small EmberJS application, but I'm struggling about how to architecture it correctly. I have a main view called "library" which displays on a sidebar a list of folders. User can click on each folder and display the content at the center (while the sidebar is still active).
I therefore have a library resource, and nested resources to display the folders in this specific context:
this.resource('library', function() {
this.resource('libraryFolders', {path: 'folders'}, function() {
this.resource('libraryFolder', {path: ':folder_id'};
}
};
To be able to access the folders in the parent root, I set up a dependency:
App.LibraryController = Ember.Controller.extend({
needs: ["libraryFolders"],
folders: null,
foldersBinding: "controllers.libraryFolders"
});
App.LibraryRoute = Ember.Route.extend({
setupController: function(controller) {
controller.set('controllers.libraryFolders.model', App.Folder.find());
}
});
First question: is this a good way? I feel it a bit strange that a parent controller have a dependency to its children.
Now, another problem arises: what if I want to reuse folders in another context? All the methods I would write in LibraryFoldersController would be specific to this one, not really DRY. What I came up is adding a root "folders" resource, and add the dependency to this one instead:
this.resources('folders');
App.LibraryController = Ember.Controller.extend({
needs: ["Folders"],
folders: null,
foldersBinding: "controllers.folders"
});
App.LibraryRoute = Ember.Route.extend({
setupController: function(controller) {
controller.set('controllers.folders.model', App.Folder.find());
}
});
What do you think? Am I doing it wrong?
IMO it looks good so far. You are using the needs API which is the correct (ember) way to setup dependencies between controllers.
Maybe if you find yourself writing repeating code you could consider creating a Mixin for a more general controller an put there your logic, that should be agnostic to the use cases it handles.
For example defined a mixin:
App.ControllerMixin = Ember.Mixin.create({
// "use case" agnostic logic here
});
You mix mixins into classes by passing them as the first arguments to .extend.
App.LibraryController = Ember.ObjectController.extend(App.ControllerMixin, {
// now you can use here the logic defined in your mixin
// and add custom code as you please
});
Another possibility is to write a super class and then extend from it to inherit common logic:
Snippet taken from the docs:
App.Person = Ember.Object.extend({
helloWorld: function() {
alert("Hi, my name is " + this.get('name'));
}
});
var tom = App.Person.create({
name: 'Tom Dale'
});
tom.helloWorld(); // alerts "Hi, my name is Tom Dale".
One thing worth mentioning (though I think it's simply a typo) is: needs: ["Folders"] should be needs: ["folders"],
Hope it helps.
my controller returns data like this:
{
"success":true,
"data":{
"35":{
"msg":{
"32":{
"module_id":"35",
"alert_id":"32",
"alert_datetime":"2012-11-28 16:19:19",
"param1_type":"imo",
"param1_value":"453465",
"param2_type":"",
"param2_value":"0",
"param3_type":"",
"param3_value":"0",
"msg":"triiiis dve",
"count":1
},
"33":{
"module_id":"35",
"alert_id":"33",
"alert_datetime":"2012-10-28 00:00:00",
"param1_type":"imo",
"param1_value":"54984",
"param2_type":"",
"param2_value":"0",
"param3_type":"",
"param3_value":"0",
"msg":"triis tri",
"count":1
}
}
},
"42":{
"msg":{
"1":{
"module_id":"42",
"alert_id":"1",
"alert_datetime":"2012-10-28 16:19:19",
"param1_type":"imo",
"param1_value":"9281906",
"param2_type":"",
"param2_value":"0",
"param3_type":"",
"param3_value":"0",
"msg":"",
"count":1
}
}
},
"39":{
"msg":{
"2":{
"module_id":"39",
"alert_id":"2",
"alert_datetime":"2012-10-28 12:36:31",
"param1_type":"imo",
"param1_value":"65464546",
"param2_type":"",
"param2_value":"0",
"param3_type":"",
"param3_value":"0",
"msg":"",
"count":1
}
}
}
}
}
After that I do this
that.tpl.overwrite(that.el, Ext.decode(response).data);
The problem is that I can't loop through the result object keys... I know how to loop through objects with pre-defined key names, but mine are dynamicaly generated...
Will appreciate some help, thanks!
I am assuming you have an idea of the depth of nesting (4 levels below the "data" element in this case):
You could loop through the data with Ext.Object.each (maybe there are some query methods for this too, not sure), looping through each element's children too. In case you use Ext.data.Model instances, you can use the Ext.data.association links to loop through the data.
In that case you could make a different template for each level and insert the result of each template in the template of the level above.
It sounds more difficult than it actually is I think.
foreach in templates is currently indeed only available for support subscribers.