CODEWITHSUNDEEP
firebasegoogle-cloud-firestorefirebase-security
bastifix
bastifix

Reputation: 483

Firebase rules for collection group subcollection: resource.data is empty?

I use collection grouped subcollections, so (in my understanding) I have to use a wildcard:

match /{path=**}/actions/{action} {
          allow read, write: if request.auth != null;
}

This is working so far. It'sworking also when implenting another rule:

match /{path=**}/actions/{action} {
          allow read, write: if request.auth != null
                           && request.auth.token.email !='';
}

But I want to check if the user has access with data in the document and there comes the problem:

match /{path=**}/actions/{action} {
          allow read, write: if request.auth != null
                           && request.auth.token.email in resource.data.access;
}

leads to

FirebaseError: Missing or insufficient permissions.

with:

this.afs.collectionGroup("actions", ref => 
  ref.where("owner.email", "==", user.email)
).valueChanges({ idField: 'id' }).pipe(take(1))

So far I couldn't find any further information about how to access data within a wildcard.

Upvotes: 0

Views: 178

Answers (1)

Dharmaraj
Dharmaraj

Reputation: 50830

The data of document being accessed is present in resource and not request. So the rule should be:

request.auth.token.email in resource.data.access;

Do note that here resource has data of the document in actions sub-collection (/actions/{doc}).

You can find more information about data validation in the documentation.

Upvotes: 1

Related Questions