
I am developing an iOS app which lets users delete the documents created by them.

I am using the following:

Collection_Ref.document(docId).delete()

This works perfectly fine when I use the below database rules:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
       allow read, write;
    }
  }
}

The above rule is okay for development. I can see this solution in other stack overflow questions too.

But when I use the below rule, the documents are not deleted and I am getting the message "Missing or insufficient permissions":

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}

What I want: I want to use "allow read, write: if request.auth != null;" and be able to delete the user’s documents. Please advise.

I also tried the below rules, but I couldn’t even log in with these:

service cloud.firestore {
  match /databases/{database}/documents {
    // match /{document=**} {   // behaves the same commented out or not
    match /posts/{docId} {
      allow read: if request.auth != null;
      allow write: if request.auth != null && request.auth.uid == resource.data.ownerUid;
    }
    // }
  }
}

But I see that the new user is created but couldn’t log in to the app.

I used the below rules which let me log in but I couldn’t see any content, not even the posts created by the user:

service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      allow update, delete: if request.auth != null && request.auth.uid == userId;
      allow read, write, create: if request.auth != null;
    }
  }
}

I also tried the below rule: I could log in and create a post, but when I delete the user, the user’s posts are not deleted. I am getting the message ‘Missing or Insufficient permissions’:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
    match /users/{userId} {
      allow update, delete: if request.auth != null && request.auth.uid == userId;
    }
  }
}

And the following rules are also exhibiting the same behavior respectively:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write, create, update, delete: if request.auth != null;
    }
  }
}

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      //allow read, write, create, update, delete: if request.auth != null;
      allow read, write: if request.auth != null;
    }
    match /posts/{docId} {
      allow update, delete: if request.auth != null && request.auth.uid == resource.data.ownerUid;
    }
  }
}

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
    match /posts/{docId} {
      allow update, delete: if request.auth != null;
    }
  }
}

2 Answers


  1. Chosen as BEST ANSWER

    I have made modifications to my code to be able to work with these rules:

    service cloud.firestore {
      match /databases/{database}/documents {
        match /{document=**} {
          allow read, write: if request.auth != null;
        }
      }
    }
    

    The problem was the completion handler didn't work properly. The account was logged out before the documents were deleted.

    I fixed the problem by fixing the completion handler and checking that the deletion process has completed before signOut().

    The problem with the completion handler was that it was non-escaping by default, which means the function can be terminated before the closure finishes executing.


  2. To answer your question directly, this is the correct syntax:

    rules_version = '2';
    service cloud.firestore {
        match /databases/{database}/documents {
            function isSignedIn() {
                return request.auth != null;
            }
    
            match /{doc=**} {
                allow read: if true;
                allow write: if isSignedIn();
            }
        }
    }
    

    You’ll want to refine these rules further, possibly collection by collection. But to fix the permission error with the scant ruleset you want to use, this will do it. Also, you do not need to create a function here but when you eventually get a more granular ruleset, which will often check for auth state, this function will come in handy.
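The owner-scoped ruleset the question was working towards, as an added example that is not from the question, from either answer, or from Firebase's own documentation. It assumes the names the question already uses (a `posts` collection whose documents carry an `ownerUid` field, and one `users/{userId}` document per account); the `isOwner` helper is my own. Two behaviours visible in the question's attempts are worth spelling out. First, Firestore rules are OR-ed across overlapping `match` blocks, so any `match /{document=**} { allow write: if request.auth != null; }` left in place lets every signed-in user delete every post, and the narrower `/posts` rule beside it never restricts anything. Second, a ruleset that only matches `/posts` denies the `/users` reads and writes that a typical login flow performs, which is consistent with the question's report that login stopped working under it. Note also that the `allow read: if true` in the answer above makes every document in the database readable without authentication, which is rarely what an app with per-user content wants.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    function isSignedIn() {
      return request.auth != null;
    }
    // Assumed helper (not from the page): true when the caller is uid.
    function isOwner(uid) {
      return isSignedIn() && request.auth.uid == uid;
    }

    // No catch-all `match /{document=**}` here on purpose: an
    // `allow write: if isSignedIn()` there would be OR-ed with the rules
    // below and grant every signed-in user delete on every post.

    // Per-account profile documents (assumed path /users/{userId}).
    // Login needs to read and create these, so they must be matched.
    match /users/{userId} {
      allow read: if isSignedIn();
      allow create, update, delete: if isOwner(userId);
    }

    // Posts: any signed-in user may read; only the owner may change or
    // delete. On create the owner comes from the incoming document
    // (request.resource); on update/delete from the stored one (resource).
    match /posts/{docId} {
      allow read: if isSignedIn();
      allow create: if isOwner(request.resource.data.ownerUid);
      allow update: if isOwner(resource.data.ownerUid)
                    && request.resource.data.ownerUid == resource.data.ownerUid;
      allow delete: if isOwner(resource.data.ownerUid);
    }
  }
}
```

With these rules a client-side `Collection_Ref.document(docId).delete()` succeeds only while the deleting user is still signed in and matches the stored `ownerUid`, so the ordering fix in the accepted answer (finish the deletes, then `signOut()`) remains necessary; the `update` rule additionally pins `ownerUid` so a post cannot be handed to another account by rewriting the field.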
