This is what I have in my rules setup but it does not allow me to view fetched data from firestore unless I’m logged in.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /Photos/{PhotoID}/{document=**} {
allow read, write: if request.auth.uid != null
}
}
}
2
Answers
The
request.auth.uid != null
will returnfalse
if a user requesting data is not logged in with Firebase Authentication. If you want anyone to to fetch data then the rule should beallow read: if true;
.I’m not sure about your use case here but it’s best to allow users to read/write their own data only. For that you’ll need to store their UID somewhere in the document.
Then rules in your questions apply for
Photos
collection and all of it’s sub-collection as you are using a recursive wildcard.You may visit there docs here
Basics of firebase security rules
In addition to @Dharmaraj answer:
The code you provided above helps you check if user is logged in, if logged in then it allows both read and write operation else disallows/denies the operation.
Then if you want a free access to your database such that it will not check whether logged in or not , remove the if condition and only end the command with semicolon[;],
But be careful because if you allow both read and write access without checking if user is authenticated or not, then you endanger your data to the entire world.
To allow only read access:
To allow only write access: