I’m using Firebase on my project, but when i use custom rules, nothing work.
I wanna allow reads from all users, but only admins can update, delete and write new datas
My rules
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /documents/{collectionName} {
allow update, delete, write: if isAdmin();
allow read: if true;
}
function isLoged() {
return request.auth != null && request.auth.uid != null
}
function isAdmin() {
return isLoged() && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "ADMIN";
}
}
}
My use
import { initializeApp } from 'firebase/app'
import { getFirestore, collection, getDocs } from 'firebase/firestore'
// Configurações do seu projeto Firebase
const firebaseConfig = { ... };
const app = initializeApp(firebaseConfig);
// Referência para o Firestore e o Storage
const db = getFirestore(app)
export const animesCollection = collection(db, 'animes')
console.log({ docs: (async () => await getDocs(animesCollection))() })
In the Firestore rules lab everything works perfectly
This work, but i do know how can i configure my rules based com collection name and auth
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}
2
Answers
I fixed it by changing the rules to
Here are the updated rules for reference:
All users will be able to read the documents thanks to these rules, but only administrators will be able to write to, edit, or remove them. To implement the modifications, don’t forget to deploy these revised rules to your Firebase project.
This is the official Firebase security rules documentation. The Firebase Security Rules Documentation gives an overview of the rules syntax, security ideas, and samples of rule settings.