Home > Software engineering >  Security rules : FirebaseError: Missing or insufficient permissions
Security rules : FirebaseError: Missing or insufficient permissions

Time:07-03

I'm attempting to allow each user read and write their own data using firestore, but I'm getting an insufficient permissions error. I'm not sure why.

I have these rules in place for my firestore. I'm just trying to compare the user's UID (stored in createdBy property) with the user's uid accessible in request.auth.uid

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
     match /bots/{id} {
       allow read, write: if request.auth != null && resource.data.createdBy == request.auth.uid;
              
       match /order_history/{id} {
         allow read, write: if request.auth != null && resource.data.createdBy == request.auth.uid;
       }
    }
  }
}

And my query that retrieves the data:

const orders = await getDocs(query(collectionGroup(db, 'order_history'), orderBy('datetime'), where('createdBy', '==', user.uid)));
    setOrders(orders.docs.map((doc) => ({
      ...doc.data()
    })))
}

Here is an overview of my Firestore organization: enter image description here

My front returns FirebaseError: Missing or insufficient permissions.

What did I do wrong?

CodePudding user response:

You're performing a collection group query, which needs a rules of this type:

match /{path=**}/order_history/{id} {
  allow read: ...
}

That's because a collection group indexes documents at any path in the database, so you also need permission to read that data from any path.

Also see the documentation on defining security rules for a collection group query

  • Related