Flutter Firestore Role Based Security Rules

Question

I am trying to determine if a specified field role in my user's collection is the one being used within the app. I have simulated this rule like below image in the rules section:

I am trying to access the Admin field of the user collection in this image and check in the rules to allow creating a new product if the user is admin or superuser(can create admin users). Image below:

The rule simulation seems to fail, is there a proper way to access this field in security rules(see both images) or to set up the database properly? The fields were set in a form using radio buttons?

Overall desired task is to allow only certain sections of the app database to be accessed and/or manipulated by my users and also within the app itself, is there a way to query these fields and render the UI and interactions conditionally, to avoid the whole security rules thing?

The superuser is in the owner's collection, omitted for brevity and only one document in it.

Thanks.

Answer 1

Your rule is checking documents in your "projects" collection, but your screenshot is showing contents of doucments in the "users" collection. So, there is obviously a mismatch here.

If you want to allow access to a document using the contents of another document, you will need to get() the other document, then check it for the data you're looking for. An example of this is provided in the documentation. What you will need to do is get() the user document for the currently authenticated user, then check that document's role field. It will look something more like this:

get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role