Firebase Firestore: Insufficient permissions to write

Question

I am trying to write a document, but get

Missing or insufficient permissions.

My rules looks like:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth.uid == resource.data.uid;
    }
  }
}

I am trying to write

const accountBalanceRef = db.collection('accountBalances').doc()
accountBalanceRef.set({
    type: s.type,
    accountName: s.accountName,
    startingBalance: s.startingBalance,
    endingBalance: s.endingBalance,
    statementYear: s.year,
    statementMonth: s.monthNumber,
    createdAt: now,
    uid: this.props.uid
})

Whats wrong? this.props.uid is my user ID

RESOLVED:

With @Bob Snyder's help, I resolved it with the following rule

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if request.auth.uid == resource.data.uid;
      allow write: if request.auth.uid == request.resource.data.uid;
    }
  }
}

I need to have different rules for read and write. I think its because for a read, I don't exactly have request.resource.data.uid set

Answer 1

In a Firestore security rule, resource.data is the value of the document in the database. Your rule does not allow creation of an accountBalance document because resource.data is null.

If you want your rule to require that the uid field in an accountBalance equals the uid of the authorized user, the rule should use request.resource.data.uid.

allow read, write: if request.auth.uid == request.resource.data.uid;

The documentation for request.resource explains:

The [request] resource variable contains data and metadata about the document being written. It is closely related to the resource variable, which contains the current document at the requested path, as opposed to the document being written.