Reputation: 2402
Firestore security rules nested Collection Group query
I have the following rules:
-> Requests
-> documentID
-> name: Andrey Solera
-> email: [email protected]
-> userID: 1234ID
-> resolved: pending => (can also be accepted or rejected)
I want to be able to push a new document into the Requests node if and only if the userID of the person sending the request has not yet added a request.
I know that I can use the userID as the documentID, however, I want some kind of history of documents in case the user has made a request that has been rejected, and by using the userID as the documentID there's no possibility of having a history as far as I know.
Is it possible checking a nested object using Firestore security rules?
Upvotes: 0
Views: 161
Answers (1)
Reputation: 598708
Security rules can check whether a document exists at a specific path. They cannot query whether a document exists that matches other types of conditions however.
So if you have a document with the user's UID as its ID in a subcollection, you can check for that with an exists() call in your rules.
Upvotes: 1
Related Questions
- security rules for grouped collection and inner collection
- Firebase Firestore security rule: Only allow collection group query if filtering by a specific field
- firebase firestore subcollection access rules
- Firestore security rule: query subcollection based on permission of parent document
- Firestore rules on subcollection
- Firestore rules allow subcollection
- Cloud Firestore rules on subcollection
- Firestore rule: match top level collection
- Firestore collection group rules
- Collection group queries getting denied by firebase rules