CODEWITHSUNDEEP
firebasefirebase-securitygoogle-cloud-firestore
dubace
dubace

Reputation: 1621

Firestore nested security rule

Could I manage access to nested field with in Firestore with rules?

For example in the Structure

users
   b1a2e3
      profile
      rating
      personal_info

Could I allow access to personal_info only if users.uid == request.auth.uid?

Upvotes: 2

Views: 2753

Answers (1)

aTo
aTo

Reputation: 285

No the rules only apply to collection and documents. You can't take only some data inside a document.

If you want you can't try to change your structure for Something like this with the public info inside the document UserUID.

(collection) User / (doc) UserUID / (collection) private_info

And use this rules

service cloud.firestore {
  match /databases/{database}/documents {

  match /users/{userUID} {

        // Other rules

         match/personal_info/{allChildren=**}{
            allow read, write: if request.auth.uid == userID;
        }
  }
}

You have more information about rules on firestore here: https://firebase.google.com/docs/firestore/security/secure-data#nested_matches

Upvotes: 2

Related Questions