CODEWITHSUNDEEP
typescriptfirebasegoogle-cloud-firestorefirebase-security
Quan Hodges
Quan Hodges

Reputation: 347

FirebaseError: [code=permission-denied]: Missing or insufficient permissions

I have a simple collection reference in a service

    firebase.auth().onAuthStateChanged(user => {
      if (user) {
          this.itineraryCollection = firebase
            .firestore()
            .collection(`itinerary/${user.uid}/itineraryList`);
        }
      });

I'm calling this service OnInit

  ngOnInit() {
    this.loggedInUser = firebase.auth().currentUser;
    this.dataSvc.getItineraries()
    .get()
    .then( itineraryListSnapshot => {
      this.itineraries = [];
      itineraryListSnapshot.forEach(snap => {
        this.itineraries.push({
          id: snap.id,
          activities: snap.data().activities,
          destination: snap.data().destination,
          startDate: snap.data().startDate,
          endDate: snap.data().endDate,
          tripDetails: snap.data().tripDetails,
          userId: snap.data().userId
        });
      });
    });

    // this.itineraries = this.dataSvc.getUserItinerary();
    console.log('logged in user add itin page', this.itineraries);
  }

But I keep getting the following error on page initialization:

vendor.js:49548 ERROR Error: Uncaught (in promise): FirebaseError: [code=permission-denied]: Missing or insufficient permissions.
FirebaseError: Missing or insufficient permissions.
    at new FirestoreError (vendor.js:76086)
    at JsonProtoSerializer.push../node_modules/@firebase/firestore/dist/index.cjs.js.JsonProtoSerializer.fromRpcStatus (vendor.js:81385)
    at JsonProtoSerializer.push../node_modules/@firebase/firestore/dist/index.cjs.js.JsonProtoSerializer.fromWatchChange (vendor.js:81882)
    at PersistentListenStream.push../node_modules/@firebase/firestore/dist/index.cjs.js.PersistentListenStream.onMessage (vendor.js:90087)
    at vendor.js:90016
    at vendor.js:90056
    at vendor.js:83144
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (polyfills.js:2749)
    at Object.onInvoke (vendor.js:51123)
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (polyfills.js:2748)
    at resolvePromise (polyfills.js:3189)
    at resolvePromise (polyfills.js:3146)
    at polyfills.js:3250
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (polyfills.js:2781)
    at Object.onInvokeTask (vendor.js:51114)
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (polyfills.js:2780)
    at Zone.push../node_modules/zone.js/dist/zone.js.Zone.runTask (polyfills.js:2553)
    at drainMicroTaskQueue (polyfills.js:2959)
    at push../node_modules/zone.js/dist/zone.js.ZoneTask.invokeTask (polyfills.js:2860)
    at ZoneTask.invoke (polyfills.js:2845)

I'm not sure what my database rules in firebase should be but I've tried a bunch of different rules:

      match /itinerary/{userId} {
            allow read; 
            allow write;
      }
      
            match /itinerary/{userId}/itineraryList {
            allow read; 
            allow write;
      }

any help would be greatly appreciated

Upvotes: 22

Views: 51545

Answers (4)

Jood80
Jood80

Reputation: 150

I faced this problem with an "undefined" document id. I checked my firestore rules and they didn't seem to cause any harm. A Typo did.

removeTask(boardId: string, task: Task) {
  return this.db
   .collection('boards')
   .doc(booardId) // <-- here, it has to be "boardId" instead
   .update({
      tasks: firebase.firestore.FieldValue.arrayRemove(task),
   })
   .catch((err) => {
      console.error(err); //TODO: handle that exception properly  
   });
 }

and my firestore rules look like this:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read;
      allow create: if requestMatchesUID(); 
      allow update: if resourceMatchesUID() && requestMatchesUID();
      allow delete: if resourceMatchesUID()
    }
 
    function requestMatchesUID(){
      return request.auth.uid == request.resource.data.uid;
    }    

    function resourceMatchesUID(){
      return request.auth.uid == resource.data.uid; 
    }
   }
 }

for the rules, checkout fireship

Upvotes: 1

Bruno Giubilei
Bruno Giubilei

Reputation: 327

I solved this by changing the rules of the database to the reading allowed for anyone, but leaving the methods of creating, changing, deleting and updating only for connected users. The commented part is for a later implementation where you have already defined administrator rules for each user logged in, so you can pass there that only users who are administrators can change.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if true;
      allow create, update, delete, write: if request.auth != null;
      //allow create, update, delete, write: if request.auth != null && request.auth.uid == userIdAdmin;
    }
  }
}

Upvotes: 7

Sushil
Sushil

Reputation: 2490

add this to your Database Rules tab :

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write;
    }
  }
}

Upvotes: 31

M.Lewis
M.Lewis

Reputation: 1041

Try changing the rule to:

match /itinerary/{userId}/itineraryList/{doc} {
  allow read, write: if true;
}

Be aware, the if condition of 'true' is just for testing, as it allows everyone permission to that resource. I only suggest it here for to test the rule works.

Adding /{doc} to the match - allows the rule to be applied to the documents you are protecting.

Upvotes: 7

Related Questions