Joris

Reputation: 777

Firestore security rules based on other documents

I'm trying to give a user the ability to read a document only if a field in this document is equal to a field in a list of other documents.

My database is like this:

Orders collection

 Order 1
    id: order1
 Order 2
    id: order2

OrderLines collection

 ljsdfozdkfjz
    order: order1
 ozjehfeofheof
    order: order1
 ojezihfoekfjf
    order: order32
 pjeopajfoekfss
    order: order69

Here I would like the user to be able to read all order lines in the OrderLines collection if the document contains the order id of orders the user has access to.

I tried this security rule:

service cloud.firestore {
  match /databases/{database}/documents {
    match /OrderLines/{OrderLinesId=**} {
        allow read: if resource.data.order == get(/databases/$(database)/Orders/{OrderId}).data.id;
    }
  }
}

But it's not working.

Upvotes: 0

Views: 753

Answers (1)

Doug Stevenson

Reputation: 317467

There are some limitations of security rules that you should be aware of. First, you can't perform a query in rules. You can only indicate that you want to read a single document. You must be able to reference that document by its unique path. Reading an entire collection is not possible. Second, you are limited to 10 document reads per rule.

Given your current setup, it's not possible to write a rule that meets your needs. You might want to consider a different (additional) database structure instead, maybe one that requires a single document with a field that's an array of values to check against.

Upvotes: 2
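
The restructuring suggested in the answer, sketched as an added example that is not part of the original question or answer. It assumes a hypothetical `UserOrders/{uid}` collection (one document per user, keyed by the auth uid, with an `orders` array field); neither name appears in the original database layout.

```firestore
// Assumed (hypothetical) extra collection, one document per user:
//   UserOrders/{uid}
//     orders: ["order1", "order2"]      // constructed sample values
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // One get() on a document addressed by its full path
    // (note the /documents segment), so no query is needed
    // and the per-rule document read limit is not a concern.
    function allowedOrders() {
      return get(/databases/$(database)/documents/UserOrders/$(request.auth.uid)).data.orders;
    }

    match /OrderLines/{lineId} {
      // Readable only when the line's order id is in the caller's array.
      allow read: if request.auth != null
                  && resource.data.order in allowedOrders();
    }

    match /UserOrders/{uid} {
      // A user may see their own access list but never change it.
      allow read: if request.auth != null && request.auth.uid == uid;
      // Clients cannot grant themselves orders; the list is maintained
      // by trusted backend code (the Admin SDK bypasses security rules).
      allow write: if false;
    }
  }
}
```

Because the array decides what a user can read, the write rule on the access document matters as much as the read rule on `OrderLines`.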
