Home > Software design >  How to access my data field in Firebase Security Rules
How to access my data field in Firebase Security Rules

Time:12-17

Security Rules

I am trying to grant permission based at a document field:

    match /users/{user}/{documents=**} {
            allow read, write: if resource.data.uid == request.auth.uid
    }

Firebase query

Here is how my query looks:

query(collection(db, "users", match.params.uid, "promotors"));

Error message

But I keep geting this message:

FirebaseError: Missing or insufficient permissions.

CodePudding user response:

Your query is not in any way checking the data in a field in the documents, so it will never meet this part of your rules: resource.data.uid.

Instead what you seem to have is a case where the document ID matches the UID of the user, which you can check with:

match /users/{user}/{documents=**} {
    allow read, write: if user == request.auth.uid
}

Also see the documentation on content owner only access.

  • Related