CODEWITHSUNDEEP
javascriptfirebasegoogle-cloud-firestorefirebase-security
James
James

Reputation: 43

Keep getting missing permission when trying to add to user only

I am trying to allow read/write to only a users UID, however script keeps saying missing permission please help.

Many thanks`

service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      allow read, update, delete: if request.auth.uid == userId;
      allow create: if request.auth.uid == userId;
    }
  }
}
db.collection('users').doc(userId).collection('details').add(...

Upvotes: 1

Views: 71

Answers (2)

Angus
Angus

Reputation: 3728

Probably your forgot to enable sign-in provider in the firebase console.enter image description here

Upvotes: 0

Doug Stevenson
Doug Stevenson

Reputation: 317342

The rules you've written only match documents that are immediately within the collection called "users". However, you're trying to access a document within a subcollection of a document of under "users".

The documentation addresses this situation very specifically, so be sure to read and understand how hierarchical data works for security rules.

If you want to apply per-user rules to all documents in a collection, and all the documents in all nested subcollections under that document, you can simply say this:

service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      allow read: if request.auth.uid == userId;
      match /{document=**} {
          allow read: if request.auth.uid == userId;
      }
    }
  }
}

Note that the match has to be nested like this in order it to use the userId wildcard from the outer match.

Upvotes: 1

Related Questions