
Reputation: 579

Firebase security rules - can't get resources with get()

I'm trying to write a rule in firebase security console with get() but I can't get resource data anyhow... I want documents and their subcollections to be readable to user, if user uid is in document field, array or map.

My collection structure: /boards/(boardId)/...much more

Fields in (boardId) document:

Security rules:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {   
    match /boards/{boardId=**} {
      // rules here

What I have tried so far:

allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap[request.auth.uid] == true;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap[true];

allow read: if get(/databases/$(database)/documents/boards/$(boardId))[request.auth.uid];
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId));

allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId == request.auth.uid;
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId == "MYID12345";
allow read: if get(/databases/$(database)/documents/boards/$(boardId)) == request.auth.uid;
allow read: if get(/databases/$(database)/documents/boards/$(boardId)) == request.auth.uid;

None of these worked, always getting:

ERROR FirebaseError: Missing or insufficient permissions.

allow read: if true, makes the application run normally. I'm sticking to the documentation but it's not working for me...


match /boards/{boardId=**} {
  allow read: if == request.auth.uid;

Also can't use it like this, because then, every subcollection is looking for ownerId field in it's documents, and ownerId or friend list array are only in board document.


I tried to do like so, but it didn't help:

match /boards/{boardId} {
    allow read, write: if request.auth.uid in  || request.auth.uid ==;
    allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));

    function passResource() {
        return request.auth.uid in  || request.auth.uid ==;

    match /categoryList/{categoryId} {
        allow read, write: if passResource();


What am I missing here?

Upvotes: 0

Views: 368

Answers (1)


Reputation: 579

Okay I found a working solution:

  match /databases/{database}/documents {  
    match /boards/{boardId} {
      allow read: if request.auth.uid in  || request.auth.uid ==;
      allow write: if request.auth.uid ==;
      allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));

      function isAllowed() {
        return request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId || request.auth.uid == get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId;
      match /categoryList/{category} {
        allow read, write: if isAllowed();

        match /taskList/{task} {
            allow read, write: if isAllowed();

Also funny it didn't want to work like this:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {  
    match /boards/{boardId=**} {
      allow read, write: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId || request.auth.uid == get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId;
      allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));


Error: simulator.rules line [5], column [49]. Property guestsId is undefined on object.

Upvotes: 0

Related Questions