Atul Acharya
Reputation: 507
Firestore rule not working as expected
I have following rule set up on firestore.
service cloud.firestore {
match /databases/{database}/documents {
match /items/{itemid} {
allow read, write: if request.auth.uid == resource.data.owner;
}
}
}
In my Angular service, I am initializing collection as follows:
constructor(private authService: AuthService, private fs: AngularFirestore) {
this.itemsCollection = this.fs.collection('items', cr => {
return cr.where('owner', '==', authService.currentUserId);
});
}
Code to read items:
items() {
return this.itemsCollection.valueChanges();
}
Code to write item:
addItem(item: ItemEntry): Observable<DocumentReference> {
item.owner = this.authService.currentUserId;
return Observable.fromPromise(this.itemsCollection.add(item));
}
The read operation works correctly, but the write operation (addItem) fails with error
Missing or insufficient permissions.
Unable to figure out, why?
Upvotes: 0
Views: 436
Answers (1)
Rosário P. Fernandes
Reputation: 11316
That's because the resource variable:
contains a map of the fields and values stored in a document in
resource.data.
This means that resource.data only contains the data that is already stored on the database.
You should use request.resource instead. Because it contains the data being written to the database. Your new rules would look like this:
allow read, write: if request.auth.uid == request.resource.data.owner;
Upvotes: 2
Related Questions
- Firebase Security Rule fails even though the request would be correct
- Firestore Cloud rules
- Firebase Cloud Firestore rules / permissions issue
- Firestore Rule not applying to collection
- Firestore Security Rules not working as expected
- Trying to set up Cloud Firestore security rules using request.path
- Firestore Security Rules Permission Issue
- Firestore create security rule not behaving as expected
- Firestore security rules not working on specific field
- Firestore security rule not working