Solsiden
Reputation: 784
Data validating in firestore security rules, refuse if unknown data
match /my-data/{userId}
{
allow write: if "name" in request.resource.data;
}
This above validates if name is in the data. But it also allows any other data to be written along with "name". What do I do if I only want name in the data, and if any other data is provided, then deny write operation?
Upvotes: 0
Views: 53
Answers (1)
Frank van Puffelen
Reputation: 598740
You're looking for the List.hasOnly operation, which allows you to ensure a list has only certain members.
Something like this:
request.resource.data.keys().hasOnly("name")
If the document can already contain any fields, but only the name field is allowed to be modified, you'll want to combine hasOnly wih the map.diff() operation.
So that'd be something like this:
resource.data.diff(request.resource.data).keys().hasOnly("name")
Upvotes: 1
Related Questions
- Firestore Rules - Datatype Validation
- firebase security rules check 2 fields in data
- Firestore rules validate query field value
- Firestore Security Rules - check if field is a valid email address
- Firestore security rules: How to validate that a field is undefined?
- Firestore Security Rule - Validate incoming data length is greater than 2 but field is not required
- Firestore Rules - Validate if data exists in other collection
- Firestore Rules: validate data does not have field
- Firestore rules: condition check fails when data is number
- Firestore rules when data doesn't exist