I have a data structure like this (compilations and documents, not JSON, of course, but you get this idea):
{
users: {
user1:{
name: Alice,
groups: {
groupA:{subbed:true},
groupB:{subbed:true}
}
},
user2:{
name: Bob,
groups: {
groupC:{subbed:true},
groupD:{subbed:true}
}
}
}
}
These are mainly registered user identifiers and group identifiers to which each user is subscribed. I wanted to write a security rule allowing access to user profiles and subcategories only if they are the current auth user and, based on my reading of the documents, I thought that the wildcard would achieve this ...
match /users/{user=**}{
allow read,write: if user == request.auth.uid;
}
In doing so, I can read the document perfectly user
, but I get a permission error when trying to read a subcategory groups
. I can make it work by explicitly matching the subtask ...
match /appUsers/{user}{
allow read,write: if user == request.auth.uid;
match /groups/{group}{
allow read,write: if user == request.auth.uid;
}
}
... , ? , {user=**}
user
, - .. .. Ad infinitum ( ) , , .
Firestore, :)