Reputation: 1
I’m a non-developer that is looking for some guidance with security rules for a Firestore project.
Each document in the Swaps collection should be accessible by two users only, a giver and a receiver.
To be allowed to create a new document in the Swaps collection, the user needs to assign herself as the receiver, which means the authenticated userid must match the ReceiverID of the request.
However, both the giver and receiver should be allowed to Update, Read and Delete the document. To do this, I want to match the receiver to the Swap document's ReceiverID and the giver to the Swap document's GiverID.
    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        match /Swaps/{document=**} {
          allow read: if request.auth.uid == resource.data.GiverID;
          allow update: if request.auth.uid == resource.data.GiverID;
          allow delete: if request.auth.uid == resource.data.GiverID;
          allow read: if request.auth.uid == resource.data.ReceiverID;
          allow update: if request.auth.uid == resource.data.ReceiverID;
          allow delete: if request.auth.uid == resource.data.ReceiverID;
          allow create: if request.auth.uid == request.resource.data.ReceiverID;
        }
      }
    }
Currently, the only rule that seems to be working is Create. Read, update and delete are not working, either for giver or receiver.
Upvotes: 0
Views: 395
Reputation: 1525
Try like this:
    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        match /Swaps/{Swap} {
          allow read: if request.auth.uid == resource.data.GiverID || request.auth.uid == resource.data.ReceiverID;
          allow update: if request.auth.uid == resource.data.GiverID || request.auth.uid == resource.data.ReceiverID;
          allow delete: if request.auth.uid == resource.data.GiverID || request.auth.uid == resource.data.ReceiverID;
          allow create: if request.auth.uid == request.resource.data.ReceiverID;
        }
      }
    }
Upvotes: 1
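The access model from the question, written with helper functions and one extra check, as an added example that is not part of the question or the answer above. The names `swapId`, `isParty` and `partiesUnchanged` are hypothetical; the update rule additionally refuses writes that change `GiverID` or `ReceiverID`, because a rule that only inspects `resource.data` lets either party reassign the document to other users.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /Swaps/{swapId} {
      // True when the caller is signed in and is the giver or the receiver
      // recorded in the given document data (hypothetical helper).
      function isParty(data) {
        return request.auth != null
          && (request.auth.uid == data.GiverID
              || request.auth.uid == data.ReceiverID);
      }

      // True when the incoming write leaves both participant fields as they
      // are in the stored document (hypothetical helper).
      function partiesUnchanged() {
        return !request.resource.data.diff(resource.data)
                 .affectedKeys()
                 .hasAny(['GiverID', 'ReceiverID']);
      }

      // Create: the caller must name herself as the receiver.
      allow create: if request.auth != null
                    && request.auth.uid == request.resource.data.ReceiverID;

      // Read and delete: giver or receiver of the stored document.
      allow read, delete: if isParty(resource.data);

      // Update: giver or receiver, and the participants stay the same.
      allow update: if isParty(resource.data) && partiesUnchanged();
    }
  }
}
```

Rules are not filters: a query over `Swaps` must itself constrain `GiverID` or `ReceiverID` to the caller's uid, otherwise Firestore rejects the whole query even when every document the caller owns would pass the read rule.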