Reputation: 1538
My db structure is like this:
//Sub collections
/inventory/{inventoryId}/armor/chest/
/inventory/{inventoryId}/armor/head/
...
// Document
/inventory/{inventoryId}.ownerUID // ownerUID = firebaseID
/inventory/{inventoryId}.charName // Character name that owns this inventory, each user can own multiple characters, each character has one inventory linked to it
Probably not relevant:
/characters/{charName}.ownerUID
/characters/{charName}.charName
/characters/{charName}.inventoryID
I'm trying to write the rules so each user can only read/write inventories that belong to him. For the top document in inventory I can just write something like:
match /inventory/{inventoryID}/{document=**} {
  allow read, write: if request.auth != null && resource.data.ownerUID == request.auth.uid
}
However, this will fail for nested collections, as the resource.data.ownerUID only exists at the top level.
Is there a way I can get {inventoryID} from /inventory/{inventoryID}/{document=**} and check it against firebaseID, or maybe somehow use the data from /character/?
Is my only option adding ownerUID to every subcollection of /inventory?
Upvotes: 0
Views: 70
Reputation: 317352
If you need to use fields from other documents than the one that matches the match pattern, you can use get() to read that document and use its fields. For example:
match /inventory/{inventoryID}/{document=**} {
  allow read, write: if
    get(/databases/$(database)/documents/inventory/$(inventoryID)).data.ownerUID
    == request.auth.uid;
}
Upvotes: 2
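A fuller ruleset built on the get() approach from the answer, as an added example that is not part of the original question or answer. The helper name ownsInventory and the split into create/update/delete rules are assumptions; the collection and field names are the ones from the question.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical helper (not from the post): true when the signed-in user
    // owns the parent inventory document. Each get() is billed as a read.
    function ownsInventory(inventoryID) {
      return request.auth != null
        && get(/databases/$(database)/documents/inventory/$(inventoryID)).data.ownerUID
           == request.auth.uid;
    }

    match /inventory/{inventoryID} {
      // Existing document: ownership comes from the stored data.
      allow read, delete: if request.auth != null
        && resource.data.ownerUID == request.auth.uid;

      // New document: resource is null on create, so check the incoming data.
      allow create: if request.auth != null
        && request.resource.data.ownerUID == request.auth.uid;

      // Update: caller must own the document and must not reassign ownerUID.
      allow update: if request.auth != null
        && resource.data.ownerUID == request.auth.uid
        && request.resource.data.ownerUID == resource.data.ownerUID;

      // Subcollections (armor/chest, armor/head, ...). The explicit
      // {subcollection} segment keeps this rule from also matching the
      // inventory document itself: in rules version 2, {document=**} on its
      // own matches zero or more segments, which would let an owner bypass
      // the ownerUID check in the update rule above.
      match /{subcollection}/{document=**} {
        allow read, write: if ownsInventory(inventoryID);
      }
    }
  }
}
```

With this layout ownerUID only has to be stored on the top-level inventory document, so the subcollection documents do not need their own copy of the field.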