CODEWITHSUNDEEP
firebasegoogle-cloud-platformgoogle-cloud-firestorefirebase-security
Quan Hodges
Quan Hodges

Reputation: 347

How to use wildcards in firebase security rules

I'm trying to use a wildcard in my firebase security rules but it's not working like the online documentation describes. enter image description here

I want to return the entire itineraryList collection but the security rules aren't working.

match /itinerary/{userId=**}/itineraryList/{doc} {
  allow read: if request.auth.uid == userId; 
  allow write: if request.auth.uid == userId;
}

What is the correct syntax here to give authenticated users access to the entire list?

Upvotes: 0

Views: 713

Answers (1)

Renaud Tarnec
Renaud Tarnec

Reputation: 83191

Update following your comments:

If you want to give read access to any authenticated user to all documents under the itinerary collection (including sub-collections), do as follows:

service cloud.firestore {
  match /databases/{database}/documents {
      match /itinerary/{docId=**} {
          allow read: if request.auth.uid != null;
      }   

      //possibly add another rule for write

  }
}

Initial answer:

This is because by doing {userId=**} you are using the "recursive wildcard syntax", see https://firebase.google.com/docs/firestore/security/rules-structure#recursive_wildcards. It will correspond to the "entire matching path segment".

You should do:

service cloud.firestore {
  match /databases/{database}/documents {
      match /itinerary/{userId}/itineraryList/{doc} {
        allow read: if request.auth.uid == userId; 
        allow write: if request.auth.uid == userId;
      }  
  }
}

You may also watch this official Firebase video about Firestore security rules, it explains this point, among others: https://www.youtube.com/watch?v=eW5MdE3ZcAw

Upvotes: 2

Related Questions