Inna M

Reputation: 41

Prevent reading a certain collection

I have many collections that can be read but not written to. I also have one collection where reading is prohibited but writing is allowed. How do I do this correctly? I tried many ways of writing the rules. The official documentation did not solve my problem.

It should work on this principle:

match /{document=**} {
  allow read: if true;
  allow write: if false;
}
match /FOLDER/FOLDER {
  allow read: if false;
  allow write: if true;
}

But it does not work because of overlapping match statements: "In the case where multiple allow expressions match a request, the access is allowed if any of the conditions is true."

I also tried with exists and get.

There are no common fields between these collections.

How do I do this correctly?

Upvotes: 1

Views: 36

Answers (1)

Doug Stevenson

Reputation: 317477

Since this rule grants unconditional read access to your entire database:

match /{document=**} {
  allow read: if true;
  allow write: if false;
}

You can't use it at all if you don't want some of your collections to have read access. You should remove that rule, and write new rules for each of the collections where you do want to allow access.

You could also try omitting the one unreadable collection from the global rule, but I don't recommend this, as it's less clear what you're trying to do:

match /{document=**} {
  allow read: if document[0] != "unreadable-collection";
  allow write: if false;
}

Upvotes: 1
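
The first approach from the answer above (no global rule, one rule per collection), written out as a full rules file. This is an added example, not part of the original question or answer; the collection names `articles`, `products` and `submissions` are hypothetical stand-ins for the asker's collections.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // There is deliberately no match /{document=**} block here.
    // A path that no match block covers is denied by default, so
    // nothing in this file can grant read on the write-only collection.

    // Read-only collections (hypothetical names), one block each.
    // {docId} matches documents directly in the collection only;
    // subcollections need their own match blocks.
    match /articles/{docId} {
      allow read: if true;
      allow write: if false;
    }
    match /products/{docId} {
      allow read: if true;
      allow write: if false;
    }

    // Write-only collection (hypothetical name). No other block
    // overlaps this path, so "allow read: if false" is not overridden
    // by an allow expression elsewhere.
    match /submissions/{docId} {
      allow read: if false;
      allow write: if true;
    }
  }
}
```

Adding a new readable collection means adding a new match block for it; until then it stays inaccessible to clients.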
