Reputation: 413
Firestore security rule that only allows empty documents
I'm basically trying to use a firestore collection as a an email list. Anyone can create a document that has their email as the id and nothing more. The tricky part is the "and nothing more" bit. When no data is provided in the request, request.resource is undefined which you can't check for in security rules to my knowledge. Is this possible? Or is it necessary to have something like one mandatory field for this use case?
Upvotes: 0
Views: 500
Answers (2)
Reputation: 413
For the benefit of others looking to make an email list in firestore, this is the full rule I ended up using:
match /email-list/{email} {
allow get: if true;
allow list: if false;
allow create: if request.resource.data.keys().hasOnly(["marker"])
&& request.resource.data.marker == true
}
Upvotes: 0
Reputation: 598740
Having empty documents regularly leads to issues down the line. Why not require a single marker field, and validate that in rules?
request.resource.data.keys.hasOnly("marker")
Upvotes: 1
Related Questions
- How to check if a document is empty in Firestore?
- How to write security rules for users setting documents that don't exist?
- Data validating in firestore security rules, refuse if unknown data
- how to write Firestore security rules to also allow null value and undefined value in a single field?
- Firestore Security Rule for allowing only one document
- Firestore rules for document field
- Firestore security rules - if exists statement
- Firestore create document if it doesn't exist security rule
- Firestore security rules: check for not exists(/collection/document)
- Firestore rules when data doesn't exist