dshukertjr
Reputation: 18660
Disable querying collection in Firebase Cloud Firestore with rules
I am using Firebase Cloud Firestore, and I want to modify my rules to restrict users from querying a collection.
This should not be allowed:
firestore().collection("users").get()
But this should be allowed:
firestore().collection("users").doc("someUserId").get()
Currently, my rules look like this:
match /users/{userId} {
allow read;
}
but this rule allows the "users" collection to be queried.
How can I allow single document gets, but not collection queries?
Upvotes: 28
Views: 3364
Answers (2)
Sanjay Verma
Reputation: 1626
Just allow get and you'll be good:
match /users/{userId} {
allow get;
}
Upvotes: 1
Juan Lara
Reputation: 6854
You can break read rules into get and list. Rules for get apply to requests for single documents, and rules for list apply to queries and requests for collections (docs).
match /users/{userId} {
//signed in users can get individual documents
allow get: if request.auth.uid != null;
//no one can query the collection
allow list: if false;
}
Upvotes: 40
Related Questions
- firebase firestore rules authenticated access to all collections except one
- Firestore rules to read only one collection and rest of the database restricted
- Firebase Firestore security rule: Only allow collection group query if filtering by a specific field
- Firebase Firestore only allow user to query a collection if there is a filter
- Firestore rules allow access to docs, but not via collection query
- Firestore Security: rules to retrieve list of the data using db.collection and where clause
- Firestore rules allow specific document but not collection
- Can I query a collection as part of a Cloud Firestore security rule?
- Firestore Security Rules for collection within a document
- Firestore Security Rule allowing unauthenticated access only to one collection