Firestore: Missing or insufficient permissions when trying to add a new subcollection

Question

I have some basic rules in place at the moment for access to my firestore database. The rules are detailedbelow. Can anyone help me to understand why the second block of code causes a permissions error? I am trying to add an image to a subcollection which does not exist yet. Thanks

rules_version = '2';
service cloud.firestore {
    match /databases/{database}/documents {
        match /projects/{project} {
            allow read, write: if request.auth.uid != null
        }
        match /users/{userId} {
            allow create
            allow read: if request.auth.uid != null
            allow write: if request.auth.uid == userId
        }
    match /notifications/{notification} {

            allow read: if request.auth.uid != null

        }

    }
}

And here is my app code:

await firestore.add(
      {
        collection: "users",
        doc: user.uid,
        subcollections: [{ collection: "photos" }]
      },
      {
        name: imageName,
        url: downloadURL
      }
    );

Answer 1

I don't know anything about "reduxfirestore", but it looks like you're trying to write to a subcollection under users. Your security rules don't have anything to say about documents in subcollections, so all of those queries are going to be rejected. If you want to be able to read and write documents, the rules have to match their full paths, like this:

match /users/{uid}/photos/{pid} { ... }

Reading and writing in the console always works, as it bypasses security rules.