Reputation: 1
Firebase security rules: some string fields not accessible with resource.data
I want to set up my security rules and want to make certain collections only accessible to the document owner. For that I want to access e.g. for the projects collection the field projectOwner with resource.data.projectOwner. Unfortunately this doesn't work for this and some other fields. (I tried to test it with resource.data.field and fields I knew were not empty) and only with some fields I was able to see documents.
Originally I tried to see if the project owner is in the user teamID (String List):
allow read: if request.auth != null && resource.data.projectOwner in getTeamID(request.auth.uid); (I have the firebase authentication setup)
I first tested the function getTeamID but this works as expected. Then I tried to test projects fields: allow read: if request.auth != null && resource.data.projectOwner != null; but that only works sometimes, although the values are set correctly.
My default is:
match /{document=**} { allow read, write: if false; }
Upvotes: 0
Views: 19
Answers (0)
Related Questions
- What's the difference between Cloud Firestore and the Firebase Realtime Database?
- firebase rule for admin
- Firebase security rules insufficient permissions
- Why firebase_firestore security rules not worked for document read
- Firebase storage security rules to allow public or owner-private file access
- Firebase security rules - can't get resources with get()
- How can I make firebase rules that allow auth users to read all documents but only create their own user document not giving themselves admin rights?
- Firebase Firestore Security Rules: Allow subset of fields
- Firebase: set security rules depending on user roles