mattram6

Reputation: 3

Accessing field in document of Firestore rule is not working

I am writing Firestore rules for an Android app I'm currently developing. I am having trouble writing security rules. I want to have a collection of editors where each document is named after a userId and stores the role of that userId in itself.

The path to the document for each editor is users/(userId of owner's data being accessed)/editors/(userId of accessing user). The field that contains the role is "Role" and currently the only role is "Owner". Thus it is shown in the database as Role: "Owner".

match /users/{userId} {
    allow read, write: if getUserData().Role == "Owner";   
}

function isSignedIn() {
    return request.auth != null;
}

function getUserData()
{
    return get(/databases/$(database)/documents/users/$(userId)/editors/$(request.auth.uid)).data;
}

Simulated reads and writes are currently being denied.

Upvotes: 0

Views: 44

Answers (1)

Frank van Puffelen

Reputation: 599041

Given how your functions are scoped, you'll have to pass userId into the call to getUserData:

match /users/{userId} {
    allow read, write: if getUserData(userId).Role == "Owner";   
}

function isSignedIn() {
    return request.auth != null;
}

function getUserData(userId)
{
    return get(/databases/$(database)/documents/users/$(userId)/editors/$(request.auth.uid)).data;
}

Upvotes: 1
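
A complete rules file built around the fix in the answer above, as an added example that is not part of the original question or answer. It shows both ways to get userId into the lookup: as a parameter to a function declared outside the match block, and through a function declared inside it. The name editorRole and the read/write split are assumptions made for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    function isSignedIn() {
      return request.auth != null;
    }

    // Declared outside match /users/{userId}: the userId wildcard is not in
    // scope here, so it has to be passed in as a parameter.
    function getUserData(userId) {
      return get(/databases/$(database)/documents/users/$(userId)/editors/$(request.auth.uid)).data;
    }

    match /users/{userId} {
      // Alternative (hypothetical name): declared inside the match block,
      // so it can use the userId wildcard directly.
      function editorRole() {
        return get(/databases/$(database)/documents/users/$(userId)/editors/$(request.auth.uid)).data.Role;
      }

      // isSignedIn() is checked first so request.auth.uid is never read
      // for an unauthenticated request.
      allow read: if isSignedIn() && getUserData(userId).Role == "Owner";
      allow write: if isSignedIn() && editorRole() == "Owner";

      // No rule matches /users/{userId}/editors/{editorId}, so clients can
      // neither read nor write role documents. The get() calls above are
      // evaluated by the rules engine and are not subject to these rules.
    }
  }
}
```

If the editor document does not exist, the lookup fails and the request is denied, so a user with no role document has no access.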
