Firestore rule schema for an object

Question

Firestore rule schema for an object

I have a collection. Each document has object readers that will store the uid of the people who will have access to the documents. This can be one or more users who can access the document.

I am using angular firebase

constructor(private afAuth: AngularFireAuth, private afs: AngularFirestore) { this.afAuth.authState.subscribe(auth => { this.users = afs.collection<User>('users', ref => ref.where('readers.' + auth.uid, '==', true)).valueChanges(); }); }

If I use a rule that allows everything to be read, the correct entries will be displayed on my page

 match /users/{userId=**} { allow read, write; }

If I add a rule for filtering using uid, I get the Missing or insufficient permissions error.

 match /users/{userId=**} { allow read, write: if resource.data.readers[request.auth.uid] == true || resource.readers[request.auth.uid] == true; }

Appreciate any help regarding what I did wrong for the rules. Thanks in advance.

+5

firebase firebase-security google-cloud-firestore

William Oct 23 '17 at 14:02

source share

2 answers

Manuel bauer · Answer 1 · 2017-10-23T14:06:10+0000

Have you tried changing your rules in the database rules to auth = null?

 { "rules": { ".read": "auth == null", ".write": "auth == null" } }

ircmgr · Answer 2 · 2017-11-11T12:35:27+0000

 //Object structure "documentToShare"{ documentData: {}, documentUsers:{user1UID,user2UID} } //Firebase rules Rules:{ "documentToshare: { match documentToshare/documentUsers/&uid } }

this is a quick example and probably not valid, but it should give you an idea

Firestore rule schema for an object

More articles: