CODEWITHSUNDEEP
androidfirebasegoogle-cloud-firestorefirebase-security
Mihae Kheel
Mihae Kheel

Reputation: 2641

Allow update on specific field on specific user - Firebase Firestore Rule

Hello I am developing an App where in there is a two type of user, first is Admin and the second one is a Regular User. Now I want to allow update on a specific field in Regular User's document called disable, only Admins can update this field. But another problem is that I want to allow updates in document's field only by the user itself like if (uid == documentId) allow write in fields since I do not want other user to just update someone's account information. How can I possibly perform this things, are they available in Rules?

Note: There will be two Collection Admins and Users where each document id is account's UID.

Thanks in advance.

Upvotes: 2

Views: 1137

Answers (1)

Mohamed Nabous
Mohamed Nabous

Reputation: 11

First things first, it is recommended that you make both Admins and Users under one collection Users and add a field admin = true for the admin's account.

And to make sure no one can update the document unless it's the same user account or an admin account, you could do that with this rule :

service cloud.firestore {
    function admin() {
        return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true
    }
    match /databases/{database}/documents {
        match /users/{userId} {
              allow read: if true;
              allow update, create: if admin() || (request.auth.uid == userId && !('admin' in request.writeFields));
              allow delete: if request.auth.uid == userId || admin();
        }
    }
}

hope this helps, good luck!

Upvotes: 1

Related Questions