Hi,
I am currently using a custom function to insert a document into a collection. I want to do this on server side as I need some data I don’t want to retrieve on the client side. However, I discovered that even if the function that finally inserts the document is executed with the permission of the user calling, when inserting rules and schema seem to be bypassed. When running manual validation added documents are shown as errors due to an obvious error on my side, but that’s not the point.
Is there really no validation or is there something I might have missed? As always it is quite hard to find proper documentation. I tried to specifically set a flag collection.insertOne(doc, {bypassDocumentValidation: false}), but it just did nothing.
Best regards
Hey Daniel -
Is there really no validation or is there something I might have missed?
Validation and permissions are enforced when you are running your function as a user and your function requires Application Authentication.
When you run a function as a System User it should bypass all rules and schema. So will setting your function authentication to System (docs reference). If you are not running as a system user and still facing your issue, it might be helpful to see your permissions and schema set up, as well as what document you are trying to insert.
As always it is quite hard to find proper documentation.
We’re always looking for ways to make our docs more helpful. Do you mind letting us know what you were searching for/where you were looking and found it unhelpful?
1 Like
I just double checked and the function is on Application Authentication as we need some info about the user calling it anyway. Rules and schemas should be fine as I tried the same query from the frontend but from there it was rejected due to schema validation. I’ll look further into it and double check everything.