Reputation: 7910
Missing or insufficient permissions when writing to Firestore using field in access rules
I am getting an error when attempting to write to Firestore.
I am attempting to use a field containing the user uid for my security rule.
service cloud.firestore {
match /databases/{database}/documents {
match /messages/{document=**} {
allow read: if resource.data.user_uid == request.auth.uid;
allow write: if resource.data.user_uid == request.auth.uid;
}
}
}
If I have data in my Firestore database, the read rule works fine - but when I attempt to write I get: Error: Missing or insufficient permissions.
Is there something I'm doing wrong with this write rule?
P.S. If I change my rule to this, I'm able to write to my database - but this isn't secure enough for my purposes:
match /messages/{document=**} {
allow read: if resource.data.user_uid == request.auth.uid;
allow write: if request.auth != null;
}
Upvotes: 40
Views: 71342
Answers (4)
Reputation: 251
For me this set of code worked for firestore security
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read,write: if true;
}
}
}
Upvotes: 0
Reputation: 960
You can make your database available just for reading and not for writing:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read: if true;
allow write: if false;
}
}
}
Upvotes: 4
Reputation: 15569
resource.data refers to the data already stored, so your rule allowed users to only update data that already includes their user ID.
What you probably want to check is request.resource.data which is the new data coming in.
There's a rather extensive document about those fields and other security rules here: https://firebase.google.com/docs/firestore/security/rules-conditions
Upvotes: 32
Reputation: 3556
This question and the accepted answer were very useful for me. I ended up using a slightly different set of rules which I'll share here incase someone else finds them useful.
Like the OP, I store a user ID (uid) with my resources. However, when I want to create a new resource, there's no uid yet. Using an example in the documentation I ended up with security rules that look like this:
service cloud.firestore {
match /databases/{database}/documents {
match /messages/{document=**} {
allow read, update, delete: if request.auth.uid == resource.data.uid;
allow create: if request.auth.uid != null;
}
}
}
Upvotes: 18
Related Questions
- Error with Firestore security rules: FirebaseError: Missing or insufficient permissions
- User can't write to Firestore database even though he is authorized
- Firestore write not working although security rules are set correctly
- Firebase Cloud Firestore security rules only allow read not write
- Getting permission error when creating a Firestore document
- Firestore Rules: Error performing setData, PERMISSION_DENIED
- WriteFields in Firestore Rules only working in Simulator
- Firestore security rules - permission denied
- Firebase Firestore: Insufficient permissions to write
- Firestore: "Missing or insufficient permissions" Can you define or retrieve more details on error?