Reputation: 125
I am trying to figure out why my rules for reading data from the strokedata collection won't work. The document id is the uid of the user that created the document and the coachuid is the uid of another user. I can't seem to make the read permissions work, so I am wondering what I am missing? Thanks in advance for your help.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    function isSignedIn() {
      return request.auth != null;
    }
    match /strokedata/{document} {
      allow write: if isSignedIn() && document == request.auth.uid;
      allow read: if document == request.auth.uid || request.auth.uid == resource.data.coachuid;
    }
    match /users/{document} {
      allow create: if request.auth.uid != null;
      allow read: if request.auth != null;
      allow write: if document == request.auth.uid;
    }
  }
}
Here is the client request code:
// Listen to every strokedata document whose sessionid matches the current session.
self.db.collection("strokedata").whereField("sessionid", isEqualTo: self.currentsession as Any).addSnapshotListener { (querySnapshot, err) in
    if let err = err {
        print("Error getting documents: \(err)")
    } else {
        for document in querySnapshot!.documents {
            print("\(document.documentID) => \(document.data())")
            if let watts = document["watts"], let split = document["currentsplit"], let time = document["time"], let strokerate = document["strokerate"], let distance = document["distance"] {
                self.lblCurrentWatts.text = "\(watts)"
                let splitS = split as! Double
                let timestring = splitS.asString(style: .positional)
                let timeS = time as! Double
                let splitstring = timeS.asString(style: .positional)
                self.split500.text = "\(timestring)"
                self.timeElapsedData.text = "\(splitstring)"
                self.strokeRateData.text = "\(strokerate)"
                self.lblDistance.text = "\(distance)m"
                // Show 0 when the document has no heart rate reading.
                if document["heartrate"] == nil {
                    self.heartRateData.text = "\(0)"
                } else {
                    if let heartrate = document["heartrate"] {
                        self.heartRateData.text = "\(heartrate)"
                    }
                }
            }
        }
    }
}
Upvotes: 0
Views: 46
Reputation: 317828
Your query doesn't match your rules. Your query only applies a single filter on the field sessionid, but your rules are requiring that the user can only read documents with an ID that matches their UID or documents whose coachuid matches their UID. Since your query neither identifies the document to read nor filters with an appropriate value of coachuid, it fails every time.
If you were expecting that this rule act as a filter for allowing only certain documents to be read by a user, that won't work because security rules are not filters (be sure to read the docs at that link).
Upvotes: 1
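The following is an added example, not code from either post: one way to shape the client reads so that each request can be proven against the read rule above. The function name, the `onChange` callback and the assumption that `sessionid` is stored as a `String` are illustrative.

```swift
import FirebaseAuth
import FirebaseFirestore

// Added example. Only the collection name and the field names come from the page;
// listenForStrokeData and onChange are hypothetical names.
func listenForStrokeData(db: Firestore,
                         sessionID: String,  // assumption: sessionid is a String
                         onChange: @escaping (String, [String: Any]) -> Void) -> [ListenerRegistration] {
    // Without a signed-in user neither branch of the read rule can pass.
    guard let uid = Auth.auth().currentUser?.uid else { return [] }
    let strokedata = db.collection("strokedata")

    // Read 1: the user's own document, addressed by ID, so the rule's
    // `document == request.auth.uid` branch is satisfied by the path itself.
    // The session check happens on the client because this is not a query.
    let own = strokedata.document(uid).addSnapshotListener { snapshot, err in
        if let err = err {
            print("Own document read failed: \(err)")
            return
        }
        guard let data = snapshot?.data(),
              data["sessionid"] as? String == sessionID else { return }
        onChange(uid, data)
    }

    // Read 2: documents the user coaches. The coachuid filter guarantees that
    // every possible result satisfies `request.auth.uid == resource.data.coachuid`,
    // so the rules can accept the query as a whole. The sessionid filter only
    // narrows the result set further.
    let coached = strokedata
        .whereField("coachuid", isEqualTo: uid)
        .whereField("sessionid", isEqualTo: sessionID)
        .addSnapshotListener { querySnapshot, err in
            if let err = err {
                print("Coached documents query failed: \(err)")
                return
            }
            for document in querySnapshot?.documents ?? [] {
                onChange(document.documentID, document.data())
            }
        }

    // Keep these and call remove() on each when the view goes away.
    return [own, coached]
}
```

Dropping the `coachuid` filter from the second read reproduces the failure in the question, because the rules evaluate the query's constraints rather than the documents it happens to return.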