Reputation: 1374
map fields in firestore security rule
How can i deny all other requests other than the below fields
client code:
constructor(private afs:AngularFireStore){}
updateOrder(docId:string){
return this.afs.collection("orderCollection")
.doc(docId)
.update({
updatedOn:firebase.firestore.FieldValue.serverTiimestamp(),
updatedBy:{
uid:currentuser.uid
email:currentuser.email
}
})
}
In the incoming request there are two fields.updatedOn and updatedBy.
The request will be allowed only if the request has only the exact fields updatedOn and updatedBy.if the request contains fields other than these two field,it will be denied.
The problem is with the updatedBy field.It is map field.How can i verify the map field using the security rule?
Here is my security rule
match /orders/{order} {
allow read, write: if false;
allow create:if false;
allow update:if hasOnlyFields(['updatedOn'])
}
function hasOnlyFields(keys) {
return request.resource.data.keys().hasOnly(keys)
}
using the above function i can easily verify the plain field updatedOn.But how can verify the map field updatedBy using the above function hasOnlyField?.If it is not possible with the function hasOnlyField, how can i verify the incoming request has only the specified map field and plain field?
Upvotes: 0
Views: 230
Answers (1)
Reputation: 317948
It sounds like you just need to pass any array with all the fields to check:
allow update:if hasOnlyFields(['updatedOn', 'updatedBy'])
Upvotes: 1
Related Questions
- Firestore security rules with reference fields
- Firebase security rules to an specific field
- Firestore per-field security rule
- Firebase Cloud Firestore Security Rules With Map
- Firestore rules for document field
- Firestore security rules based on map values
- Firestore rules - securing data by field
- Per field rules in Firestore Security Rules
- How to write security rule for firestore with "A map of values" query?
- Firestore security rules, nested field