Nzadibe

Reputation: 638

Flutter Firestore Role Based Security Rules

I am trying to determine if a specified field role in my user's collection is the one being used within the app. I have simulated this rule like below image in the rules section:

I am trying to access the Admin field of the user collection in this image and check in the rules to allow creating a new product if the user is admin or superuser (can create admin users). Image below:


The rule simulation seems to fail, is there a proper way to access this field in security rules (see both images) or to set up the database properly? The fields were set in a form using radio buttons?

Overall desired task is to allow only certain sections of the app database to be accessed and/or manipulated by my users and also within the app itself, is there a way to query these fields and render the UI and interactions conditionally, to avoid the whole security rules thing?

The superuser is in the owner's collection, omitted for brevity and only one document in it.

Thanks.

Upvotes: 1

Views: 610

Answers (1)

Doug Stevenson

Reputation: 317808

Your rule is checking documents in your "projects" collection, but your screenshot is showing contents of documents in the "users" collection. So, there is obviously a mismatch here.

If you want to allow access to a document using the contents of another document, you will need to get() the other document, then check it for the data you're looking for. An example of this is provided in the documentation. What you will need to do is get() the user document for the currently authenticated user, then check that document's role field. It will look something more like this:

get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role

Upvotes: 2
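
A fuller ruleset built around the get() lookup from the answer above, as an added example that is not part of the original post or the Firebase documentation. The products collection name, the 'admin' role value, and an owners document keyed by the superuser's uid are assumptions; the users rules also lock the role field, since the create check is only as trustworthy as that field.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    function signedIn() {
      return request.auth != null;
    }

    // Role field of the caller's own users/{uid} document, read with get().
    function callerRole() {
      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role;
    }

    // Assumption: the single owner document is keyed by the superuser's uid.
    function isSuperuser() {
      return exists(/databases/$(database)/documents/owners/$(request.auth.uid));
    }

    // Assumption: 'admin' is the value stored in the role field.
    // isSuperuser() comes first so a superuser needs no users document.
    function canCreateProducts() {
      return signedIn() && (isSuperuser() || callerRole() == 'admin');
    }

    // True when an update leaves the role field untouched.
    function roleUnchanged() {
      return !request.resource.data.diff(resource.data).affectedKeys().hasAny(['role']);
    }

    // Assumption: products live in a top-level "products" collection.
    match /products/{productId} {
      allow read: if signedIn();
      allow create: if canCreateProducts();
    }

    match /users/{uid} {
      allow read: if signedIn() && request.auth.uid == uid;
      // Users manage their own profile but cannot set or change their role.
      allow create: if signedIn() && request.auth.uid == uid
                    && !('role' in request.resource.data);
      allow update: if signedIn() && request.auth.uid == uid && roleUnchanged();
      // Only the superuser assigns roles.
      allow write: if signedIn() && isSuperuser();
    }
  }
}
```

Each get() or exists() call in a rule is billed as a document read, and a missing users document makes the role lookup fail, which denies the request.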
