I wrote a firebase rule to allow read only if uid
is in user array of parent collection.
When I try to query collection to get list of document, I get the error
> Listen for query at chats/**************/messages failed:
> Missing or insufficient permissions.
Here is security rule I user for collection:
match /chat/{chat_id}/messages/{id} {
allow read, write: if request.auth != null && request.auth.uid in get(/databases/$(database)/documents/chat/$(chat_id)).data.users;
allow delete, update: if false;
}
Is it that my security rule is wrong or a query cannot be performed on collection with such rule?.
2
Answers
I presume that
users
is an array of uid’s (strings) like:You could also try storing the users as a dictionary:
And access it the following way:
Posting this as a community wiki:
Firestore Security Rules should be matched by the correct collection name as @Anga mentioned by correcting the collection name should solve the issue.