Adam93
Adam93

Reputation: 13

Firestore Cloud rules

I have been working around rules to my Firestore Cloud database. I would like to implement rule, that allows create, update, delete on docs if user with ID, which is stored in database, has field role set to admin.

Is it possible to retrieve users role in database rules somehow?

I am not using the Admin SDK, so I do have declared custom claims to each user.

Please Check

Upvotes: 0

Views: 39

Answers (1)

Dev
Dev

Reputation: 1374

Definitely, you can use get method to access other document within security rule

get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role== 'admin'

This method will access the document from users collection where document id is equivalet to currently signed user's UID. Remember, while using this method you will be billed for reading documents even if your rules reject the request.

firestore security rule

Upvotes: 1

Related Questions