
Basically, I want users to create an account and write data like Name, User, etc. to the Firestore database. But I don’t know the rules for that.

W/Firestore( 9927): (24.5.0) [Firestore]: Write failed at Users/FPhBBFybqXfCuXtFYTVO: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
I/flutter ( 9927): [cloud_firestore/permission-denied] The caller does not have permission to execute the specified operation.

Actually my rules are:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow create: if request.auth != null;
      allow read, write, update, delete: if request.auth != null;
    }
  }
}

3 Answers


  1. Remove this line:

    allow create: if request.auth != null;
    

    With this, users won’t be able to create the document if they are not authorised, e.g. logged in or with an account created.

    For more understanding on rules, visit FireStore Security Rules.

  2. Try this rule:

    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        match /{document=**} {
          allow read, write: if request.auth != null;
        }
      }
    }
    
  3. As @Frank van Puffelen stated in the comments:

    Rules don’t do anything on their own, but only get activated when triggered by your code.

    To achieve this you need to have a document already present in the Users collection. One way of doing this is using a Firebase Authentication trigger on user creation: Firebase Functions run in a trusted environment, so the Firebase Admin SDK does not follow Firestore security rules.

    Here is a sample Firebase onCreate Auth trigger.

    functions/index.ts:

    import * as functions from "firebase-functions";
    import * as admin from "firebase-admin";
    
    admin.initializeApp();
    
    // Runs in the trusted backend: the Admin SDK bypasses security rules,
    // so this can create Users/{uid} before the client has any permission.
    export const onCreate = functions.auth.user().onCreate(async (user) => {
      functions.logger.log("User created : ", user);
      const userDoc = admin.firestore().collection("Users").doc(user.uid);
      await userDoc.set({
        email: user.email,
        displayName: user.displayName,
        // you can add extra details too
      });
    });
    

    Since this trigger will be activated as soon as the user is created, the next time users want to read or update their information they can do so through the Firebase SDK on the client side using the following security rules:

    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        match /Users/{userId} {
          allow read: if request.auth != null;
          allow write: if request.auth != null && request.auth.uid == userId;
        }
      }
    }
    

    Notice we are only allowing reads for logged-in users, but for users to write we are comparing request.auth.uid against the document ID, as this is how we have written our Auth trigger.

    Reference: Firebase Authentication triggers and Writing conditions for Cloud Firestore Security Rules

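A client-side counterpart to the rules in the third answer, added here as an example rather than code from the question or any answer. It assumes the Flutter `cloud_firestore` and `firebase_auth` packages, and the profile field names (`name`, `username`) are made up for the example; the point is that the client must write to `Users/{uid}` (not an auto-generated ID such as `Users/FPhBBFybqXfCuXtFYTVO` from the question's log), or the `request.auth.uid == userId` condition denies the write.

```dart
// Added example: client write that satisfies
//   allow write: if request.auth != null && request.auth.uid == userId;
// Field names 'name' and 'username' are assumptions for this example.
import 'package:cloud_firestore/cloud_firestore.dart';
import 'package:firebase_auth/firebase_auth.dart';

/// Creates the account, then stores profile fields under Users/{uid}.
/// Returns the document path that was written, or null on permission denial.
Future<String?> signUpAndSaveProfile({
  required String email,
  required String password,
  required String name,
  required String username,
}) async {
  final credential = await FirebaseAuth.instance
      .createUserWithEmailAndPassword(email: email, password: password);
  final uid = credential.user!.uid;

  // The document ID must equal the signed-in uid. collection('Users').add()
  // would pick a random ID and be rejected by the rule above.
  final userDoc = FirebaseFirestore.instance.collection('Users').doc(uid);

  try {
    // merge: true so this write does not clobber the email/displayName fields
    // the onCreate Auth trigger may already have written to the same document.
    await userDoc.set({
      'name': name,
      'username': username,
      'createdAt': FieldValue.serverTimestamp(),
    }, SetOptions(merge: true));
    return userDoc.path;
  } on FirebaseException catch (e) {
    // This is the client-side form of the error shown in the question's log.
    if (e.code == 'permission-denied') {
      return null;
    }
    rethrow;
  }
}

/// Reading another user's profile is allowed for any signed-in user under the
/// same rules; writing to it is not, because request.auth.uid != otherUid.
Future<Map<String, dynamic>?> readProfile(String otherUid) async {
  final snap =
      await FirebaseFirestore.instance.collection('Users').doc(otherUid).get();
  return snap.data();
}
```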