Reputation: 87
Firebase Firestore only allow user to query a collection if there is a filter
I'm trying to create a Firestore rule which only allows a user to list documents from a collection where they're filtering a field.
// would fail:
db.collection('documents').get();
// would succeed:
db.collection('documents').where('fieldId', '==', 123456).get();Is there a way to accomplish this through Firestore rules?
Upvotes: 1
Views: 411
Answers (2)
Reputation: 87
I got it working with
allow list: if int(resource.data.fieldId) > 100000000000000000;
since all of the ids are over 100000000000000000. Now attempting to list a collection without .where('fieldId', '==', someId) is rejected.
Upvotes: 1
Reputation: 599601
The only way I can think of is with query based rules.
Something like this:
allow read: if resource.fieldId.published == 123456;
But I don't think there's a way to only require them to filter on fieldId, no matter what value.
Interestingly enough, this is possible with Realtime Database security rules, which have a separate clause for query.orderByChild.
I think this sounds like a reasonable feature though, so I recommend you file a feature request. It won't help you now or in any near feature, but... who knows. 🤞
Upvotes: 1
Related Questions
- Disable querying collection in Firebase Cloud Firestore with rules
- Javascript filtering data from Firestore
- Firebase Firestore security rule: Only allow collection group query if filtering by a specific field
- Firestore Security: rules to retrieve list of the data using db.collection and where clause
- Limit access to firestore based on query conditions
- View only certain collections by user on Firebase/Firestore
- Firestore permissions and rules for querying collections (list) that belong to the logged-in user
- How to Filter firestore collection by multiple ids
- firestore query filter based on a collection
- How to allow user to query collection but only access certain results in collection?