forvaidya

Reputation: 3315

Dynamic Firestore rules?

I have 2 collections and I control access by granting a customClaim. Now, if I have more and more collections, the rules will become long.

Example

service cloud.firestore {
  match /databases/{database}/documents {
    match /india/{documentID} {
      allow read, write : if request.auth.token.india_admin == true
      allow read : if  true
    }
  }

  match /databases/{database}/documents {
    match /japan/{documentID} {
      allow read, write : if request.auth.token.japan_admin == true
      allow read : if  true
    }
  }
}

Is there a way I can generalize it by using a collection name variable?

Upvotes: 1

Views: 823

Answers (1)

Doug Stevenson

Reputation: 317798

What you're doing now allows unconditional read access to everything. That's what allow read: if true does.

Try this, using a wildcard for the collection name:

match /{country}/{documentID} {
  allow read, write : if request.auth.token[country + "_admin"] == true;
}

Note that this has the side effect of being applied to ALL of your top-level collections, even those that don't represent a country. If you use other top-level collections that require different rules, you might want to push all of your country-specific collections into subcollections under a single top-level collection.

Upvotes: 4
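
The subcollection layout suggested in the answer above, written out as an added example that is not part of the original answer. The collection names "countries", "items" and "settings" and the helper isCountryAdmin are assumptions chosen for illustration.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical helper: true only when the caller is signed in and carries
    // the custom claim "<country>_admin" set to true (e.g. india_admin).
    // If the claim is absent, the lookup errors and the rule denies access.
    function isCountryAdmin(country) {
      return request.auth != null
          && request.auth.token[country + "_admin"] == true;
    }

    // Assumed layout: /countries/{country}/items/{documentID}.
    // The {country} wildcard now only matches documents under "countries",
    // so it no longer applies to every top-level collection.
    match /countries/{country}/items/{documentID} {
      // Writes always require the per-country admin claim.
      allow write: if isCountryAdmin(country);

      // Reads are a separate, explicit decision. As written they are limited
      // to the same admins; change this condition only if public reads are
      // really intended, because "if true" opens every document to anyone.
      allow read: if isCountryAdmin(country);
    }

    // Other top-level collections get their own rules and are unaffected by
    // the country wildcard. "settings" is a constructed example.
    match /settings/{documentID} {
      allow read: if request.auth != null;
      allow write: if false;
    }

    // Anything not matched above is denied by default.
  }
}
```

The Firebase Local Emulator Suite can be used to check that a token carrying only india_admin is denied a write under /countries/japan/items before these rules are deployed.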
