cakePHP

Reputation: 465

security rules for grouped collection and inner collection

I am trying to set Firebase security rules for all collections in one collection with Firebase Firestore. I have a collection named game_lookup; inside it I have many named documents. One is contest, and there are others. All of them have many inner-level subcollections.

Like

/game_lookup/arcade/level_-6NVwtc0cp-/1

I want to set different rules for contest, and the same rules for all the others.

For contest I have defined

 match /game_lookup/{document} {
    allow read: if isAuthenticated();

  match /tournament/{document} {
    allow read: if isAuthenticated();
  }

  match /tournament_players_list/{document} {
    allow read, write: if isAuthenticated();
   
    match /allusersPostion/{document} {
      allow read, write : if false;
    }
    
    match /percentile/{document} {
      allow read, write : if false;
    }
  }

  match /tournament_template/{document} {
    allow read, write : if false;
  }
}

Now I am not able to access /game_lookup/arcade/master/ or

/game_lookup/arcade/level_-6NVwtc0cp-/1


EDIT

How do I allow access only to those users who are authorized to /game_lookup/contest/tournament_players_list/0Bqbujy16qOYa8YAIbQT/joined/{userId}?

I have tried

   match /joined/{document} {
        allow read, create, update: if isAuthenticated() && request.auth.uid == userId;
    }

Not working

Upvotes: 0

Views: 64

Answers (1)

Peter Obiechina

Reputation: 2835

You can't access /game_lookup/arcade/master/ because you have not defined any rules for the master subcollection. Define rules like this:

match /game_lookup/{document} {
  allow read: if isAuthenticated();
  
  match /master/{document} {
    allow read: if isAuthenticated();
  }
  // ... other rules

  // For '/game_lookup/arcade/level_-6NVwtc0cp-/1', you also define as below
  match /level_-6NVwtc0cp-/{document} {
    // define rules.
    // rules here will define access for '/game_lookup/arcade/level_-6NVwtc0cp-/1'
  }
}

// **EDIT**
// below works on playground but has not been tested on a physical device.
// you can add a more specific rule like this to determine permissions on
// game_lookup/master documents.
match /game_lookup/master {
  allow read: if isAuthenticated();
  // this should determine access for master documents
}
// with this, you can define separate rules for collection/documents
// that only exist in master documents (per our chat in the comments)

Upvotes: 2
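
One rules layout for the structure discussed in this thread, added here as an example and not taken from the question or the answer. It assumes rules_version 2 and that isAuthenticated() checks request.auth != null (the page never shows its body); the wildcard names gameId, rest, tournamentId and userId are chosen for illustration.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: the page never shows this helper's body.
    function isAuthenticated() {
      return request.auth != null;
    }

    // Everything under game_lookup except the contest document: the
    // document itself plus all nested subcollections (master, level_*, ...).
    // In rules_version 2, {rest=**} matches zero or more path segments.
    // The gameId guard matters: allow rules are OR-ed, so without it this
    // block would also open the contest subcollections that stay denied below.
    match /game_lookup/{gameId}/{rest=**} {
      allow read: if isAuthenticated() && gameId != 'contest';
    }

    // contest has its own rules. Rules do not cascade to subcollections,
    // so any path not matched here stays denied (allusersPostion,
    // percentile and tournament_template need no explicit "if false").
    match /game_lookup/contest {
      allow read: if isAuthenticated();

      match /tournament/{tournamentId} {
        allow read: if isAuthenticated();
      }

      match /tournament_players_list/{tournamentId} {
        allow read, write: if isAuthenticated();

        // The wildcard must be named userId for the condition to see it;
        // with {document} the name userId is never bound.
        match /joined/{userId} {
          allow read, create, update:
            if isAuthenticated() && request.auth.uid == userId;
        }
      }
    }
  }
}
```

Because a request is allowed as soon as any matching rule allows it, a broad recursive wildcard should be checked against every path that is meant to stay closed before it is deployed.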
