Users of our app can add other users as friends. Each friends list is implemented as a map where the key is the id of the users and where the value is some data related to the user. The following map is an example of how it looks like :

{'id_1' : {displayName: 'John Doe', color: 3412445}, 'id_2' : {displayName: 'Bob Alison', color: 84655467}}

We want to add rules to make data validation on the fields in the values of the map. The displayName needs to be a string and the color needs to be a number.

In the firestore rules we can check the new added friends by doing like so :

let addedFriendsKeys = newFriendsList.diff(oldFriendsList).addedKeys()

But is there a way to retrieve the values related to that list of keys? something like :

let newFriendsList.getAll(addedFriendsKeys).forEach((p0)=>isDataValid(p0))

CodePudding user response：

There are no looping operations in Firestore security rules. You will have to enumerate the keys that you want to validate.

CodePudding user response：

The following answer is not mine (Credits to Frank van Puffelen). It's coming from this post but answers perfectly to the question :

If you're asking about doing this in server-side security rules, then you've precisely hit the nail on the head: there is no ability to loop in Firebase's server-side security rules. See the reference documentation for the operations that can be performed on a List in a document. This limits what can be accomplished in security rules, and as far as I can see none of the use-cases you mention can be implemented with just security rules.

The simplest approach I can think of is by using Cloud Functions to implement the logic. You could either have the Cloud Function inspect the documents in place in the current collection, or you can have the client write to a different collection (of "pending" documents), have the Cloud Function validate the document, and move it to the actual collection.