Reputation: 37
Firestore rules to allow write on two separate Uids
I am writing a chat application and am done apart from the security rules section. I am currently creating two documents for each message (one each for each user) I am okay with writing a document to my user Id but the database isn't allowing for a write in the other paired user Id.
I have tried by allowing the write if the userId is in the resource.data of the other file
match /message/{user}/{chatRoomID}/{messageId} {
allow read, write: if request.auth.uid == user || request.auth.uid in resource.data;
}
How can I make it so whenever a message is sent to the database it is only read and can be written by the specific user Ids?? Each message object has reference to who sent it (each user's object Id). Thanks in advance !!
Upvotes: 1
Views: 115
Answers (1)
Reputation: 599166
While in is indeed an operator in security rules, this won't work:
request.auth.uid in resource.data
The in operator checks if a key exists in a map, where it is much more likely that you store the UID of the other user in the value of a field.
To check whether a certain field has a specific value, use something like this:
request.auth.uid == resource.data.senderID
Upvotes: 1
Related Questions
- Firestore: userId rule
- Allow update only from uid in the document (firestore security rules)?
- FireStore Rules : Read/Write user own document
- Firestore rules to restrict users to read/write only their data
- Cloud Firestore Security Rules - only allow write to specific key in document
- Multi-permission Firestore security rules
- Firestore Security Rules: Allow User To Create Doc Only If New Doc ID is same as User ID
- How can I setup rules so I can write documents to firestore protected by uid?
- Firestore write security rule for specific user using auth names
- Rule for Firestore that enforce user to write a document with id equals to its own uid