skip to Main Content

I wrote a firebase rule to allow read only if uid is in user array of parent collection.

When I try to query collection to get list of document, I get the error

> Listen for query at chats/**************/messages failed:
> Missing or insufficient permissions.

Here is security rule I user for collection:

match /chat/{chat_id}/messages/{id} {
      allow read, write: if request.auth != null && request.auth.uid in get(/databases/$(database)/documents/chat/$(chat_id)).data.users;
      allow delete, update: if false;
    }

Is it that my security rule is wrong or a query cannot be performed on collection with such rule?.

2

Answers


  1. I presume that users is an array of uid’s (strings) like:

    users = ["uid1", "uid2", "uid3"]
    

    You could also try storing the users as a dictionary:

    users = {uid1: ..., uid2: ... , uid3: ...}
    

    And access it the following way:

     allow read, write: if request.auth != null && get(/databases/$(database)/documents/chat/$(chat_id)).data.users[reqeust.auth.uid] != null
    
    Login or Signup to reply.
  2. Posting this as a community wiki:

    Firestore Security Rules should be matched by the correct collection name as @Anga mentioned by correcting the collection name should solve the issue.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search