I’m learning how to set up the rules for Firestore.
I want to simulate a request of a collection, but it shows an error ("Path must be document-level") and doesn’t let me run the request:
Why is it so? It is a very common thing to request a collection of documents from their API, so why can I not simulate it in the playground?
Here are the rules I’m testing. They don’t exactly work, but that’s a different question:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId}/todos {
allow read, write: if request.auth.uid == userId;
}
}
}
2
Answers
Even if one can fetch an entire Collection, a match statement in Security Rules must specify a document path, as explained in the doc:
So, in the simulator, you must specify a document path and therefore check your rule for a specific document.
And don’t forget another important point which is somehow linked to the above: Rules are not filters
Your question:
Has an unfortunate answer. It’s just not implemented in the console. The playground you’re using only works with single document operations and can’t test collection queries. You can file a ticket with Firebase support to indicate you’re interested in this feature. However, I wouldn’t expect this to happen any time soon because there is already another tool that can do this.
You can use the Firebase Emulator suite to test security rules before deployment. You can write arbitrarily complex queries in JavaScript, put them in a test harness, and run them quickly and repeatedly without having to enter new data for each query.