CODEWITHSUNDEEP
androidfirebasegoogle-cloud-firestorefirebase-security
Mustafa ALMulla
Mustafa ALMulla

Reputation: 900

Cloud Firestore rules only allow author to read document

I have the following document

The firesotre document

and I have set the following rules

The firestore rules

Every time I try to read the document using the Android SDK

FirebaseFirestore db = FirebaseFirestore.getInstance();
db.collection("users").get().addOnCompleteListener(appExecutors
                     .networkIO(),
             task -> {});

I am getting this error

"com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions."

I am not sure what is wrong is it the rules or the Android call.

Upvotes: 0

Views: 920

Answers (4)

Mustafa ALMulla
Mustafa ALMulla

Reputation: 900

It seems that I had to add a where close in my code 

FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
    FirebaseFirestore.setLoggingEnabled(true);
    FirebaseFirestore db = FirebaseFirestore.getInstance();
    db.collection("users").whereEqualTo("authorId",user.getUid()).get().addOnCompleteListener(appExecutors.networkIO(),task -> {});

Upvotes: 0

Rob
Rob

Reputation: 1047

I think you can fix this from firebase consol. You just need to sllow access to all user. As I remember by default there was allowed only authorized users.

Upvotes: 0

Doug Stevenson
Doug Stevenson

Reputation: 317392

This code is trying to access every document in the entire users collection:

db.collection("users").get()

If there any any document in that collection that violates the security rules you set up, then it will fail.

Did you instead intend to try to access the single document that the user is supposed to have access to?

Upvotes: 0

Doug Stevenson
Doug Stevenson

Reputation: 317392

It looks like you meant to type resource.data.author_id instead of resource.data.author_d in the rule.

Upvotes: 4

Related Questions