CODEWITHSUNDEEP
firebasegoogle-cloud-firestorefirebase-security
Denis Rozimovschii
Denis Rozimovschii

Reputation: 448

Firestore where clause with security rules

Suppose there are the following rules in place 

service cloud.firestore {
    match /databases/{database}/documents {
        function roomAccess() {
            return resource.data.allow_anonymous == true || (request.auth.uid == resource.data.uid);
        }
        function writeOnlyOwner() {
            return request.auth.uid == resource.data.uid;
        }
        match /rooms/{room_id} {
          allow read: if roomAccess();
          allow write: if writeOnlyOwner();
          allow create: if request.auth.uid != null;
        }   
    }
}

Also, this is what an document in the collection rooms looks like Json format

Question Is there any way to query the specific room where the access_key is set to some value?

 db.collection('rooms')
            .where('access_key', '==', access_key)
            .get()

It is important to note that i'm querying as the creator of the room (and the room.uid with match my uid

Nonetheless, it fails on access rights. And the documentation doesn't seem to describe such behavior.

As far as I understood, the query fails because there might be some rooms, with this access_key, for which roomAccess() would fail. But I can't seem to find a way around it.

Upvotes: 2

Views: 806

Answers (1)

Denis Rozimovschii
Denis Rozimovschii

Reputation: 448

My problem was that I should have been checking for resource.data.allow_anonymous == true || request.auth.uid != null since I wanted to get the room either if the user is authenticated or it is public.

In this case, all the documents retrieved by access_key query match the security contraints

Upvotes: 1

Related Questions