I'm attempting to allow each user read and write their own data using firestore, but I'm getting an insufficient permissions error. I'm not sure why.
I have these rules in place for my firestore. I'm just trying to compare the user's UID (stored in createdBy property) with the user's uid accessible in request.auth.uid
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /bots/{id} {
allow read, write: if request.auth != null && resource.data.createdBy == request.auth.uid;
match /order_history/{id} {
allow read, write: if request.auth != null && resource.data.createdBy == request.auth.uid;
}
}
}
}
And my query that retrieves the data:
const orders = await getDocs(query(collectionGroup(db, 'order_history'), orderBy('datetime'), where('createdBy', '==', user.uid)));
setOrders(orders.docs.map((doc) => ({
...doc.data()
})))
}
Here is an overview of my Firestore organization:
My front returns FirebaseError: Missing or insufficient permissions
.
What did I do wrong?
CodePudding user response:
You're performing a collection group query, which needs a rules of this type:
match /{path=**}/order_history/{id} {
allow read: ...
}
That's because a collection group indexes documents at any path in the database, so you also need permission to read that data from any path.
Also see the documentation on defining security rules for a collection group query