I have a "mail" collection on Firestore. I'm trying to set up the security rules so that only the owner (author) can access a document, according to the uid in its fields.
/mail/unique_id
{
author: "RPH6j0eZc2QrDhvsQJhDDFApjnj1"
date: "2022-11-23T10:57:13.580Z"
status: "ongoing"
}
Firestore rule:
match /mail/{mailId}{
allow read, write: if request.auth != null && request.auth.uid == resource.data.author;
}
function post
this.db.collection('mail').add(data)
reading from collection mail
this.db.collection('mail',ref=>ref.where('author','==',this.uid)).get().subscribe(res => { })
Result: I can read from the Firestore database, but when I try to push new data I have an error:
FirebaseError: [code=permission-denied]: Missing or insufficient permissions.
CodePudding user response:
I can read from firestore database but, when I try to push new data I have an error
This is because for a read rule you have to use resource.data, BUT for a write rule you need to use request.resource.data.
So you need to separate into two rules:
match /mail/{mailId}{
allow read: if request.auth != null && request.auth.uid == resource.data.author;
allow write: if request.auth != null && request.auth.uid == request.resource.data.author;
}
More details in the documentation.
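The following ruleset is an added example, not part of the original question or answer. It goes one step beyond the read/write split above by breaking `write` into `create`, `update` and `delete`, because `resource` (the stored document) does not exist on create and `request.resource` (the incoming document) is not available on delete. It assumes the `author` field should never change after creation; the `signedIn()` helper name is hypothetical.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical helper (not from the original post).
    function signedIn() {
      return request.auth != null;
    }

    match /mail/{mailId} {
      // read: check the stored document. A collection query must carry
      // the matching filter, e.g. where('author', '==', uid), or the
      // whole query is rejected.
      allow read: if signedIn()
                  && request.auth.uid == resource.data.author;

      // create: there is no stored document yet, so check the incoming
      // data. The client must set author to its own uid.
      allow create: if signedIn()
                    && request.auth.uid == request.resource.data.author;

      // update: the caller must own the stored document, and the
      // incoming data must keep the same author (assumption: author
      // is immutable).
      allow update: if signedIn()
                    && request.auth.uid == resource.data.author
                    && request.resource.data.author == resource.data.author;

      // delete: only the stored document exists to check against.
      allow delete: if signedIn()
                    && request.auth.uid == resource.data.author;
    }
  }
}
```

With these rules, `this.db.collection('mail').add(data)` succeeds only when `data.author` equals the signed-in user's uid.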