Reputation: 838
I have a firestore collection of usernames where each individual username acts as a document id. Each individual document has two fields only - uid (the uid of the owner) and createdAt. That's all. I want to write a security rule, where I say "You can delete username only if you own it". So here is my security rule:
    match /usernames/{username} {
      function userOwnsUsername() {
        let unused = debug("does user owns username?");
        let uid = get(/databases/$(database)/documents/usernames/$(username)).data.uid;
        return debug(request.auth.uid == uid);
      }
      allow delete: if isUserAuthenticated() && userOwnsUsername();
    }
    function isUserAuthenticated() {
      return request.auth.uid != null;
    }
When I remove the rule userOwnsUsername the operation is executed successfully. Can someone tell me what I am doing wrong?
Upvotes: 0
Views: 39
Reputation: 50830
You don't have to use get() when trying to read data from the document being accessed/updated. Try using resource.data instead:
    match /usernames/{username} {
      function userOwnsUsername() {
        return request.auth.uid == resource.data.uid;
      }
      allow delete: if isUserAuthenticated() && userOwnsUsername();
    }
Upvotes: 1
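The ownership check from the answer placed in a complete rules file, as an added example that is not part of either post. The create and update rules are assumptions (the question only shows delete): they keep the stored uid, which the delete rule trusts, from being set or rewritten by anyone other than the owner.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    function isUserAuthenticated() {
      return request.auth != null;
    }

    match /usernames/{username} {
      // resource.data is the document as currently stored, i.e. the one
      // about to be deleted. No get() call is needed to read it.
      function userOwnsUsername() {
        return request.auth.uid == resource.data.uid;
      }

      // Assumption: a username is claimed by writing your own uid into it.
      // request.resource.data is the incoming document, so the uid field
      // must match the caller and no extra fields are accepted.
      allow create: if isUserAuthenticated()
                    && request.resource.data.uid == request.auth.uid
                    && request.resource.data.keys().hasOnly(['uid', 'createdAt']);

      // Assumption: username documents are immutable. If updates were open,
      // a caller could overwrite uid with their own and then pass the
      // delete check below.
      allow update: if false;

      allow delete: if isUserAuthenticated() && userOwnsUsername();

      // No read rule is given here, so reads are denied unless another
      // matching rule grants them.
    }
  }
}
```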