I am trying to filter out the posts by 'hidingUserId', so set rules are:
match /reviews/{userId=**} {
allow read: if resource.data.hidingUserId == null
|| resource.data.hidingUserId != userId;
allow delete, update, create: if request.auth != null;}
However, in rules simulator I am getting null value error on 'resource'. pls, see the pic 
and running debug on the phone returns 'Missing or insufficient permission'.
and my firestore is in the following order, where 'hidingUserId' is an array in the reviews database. 
thanks for the help!
CodePudding user response:
Why your simulator fails.
resource.data contains the document data you want to fetch. If you try to fetch a document that does not exist, resource.data == null and you get that null value error.
/reviews/userId I don't think there is any document with id = 'userId', so this will try to fetch a non existent document and Null value error will be thrown.
if you use an actual document in your simulator, it should pass true
Why your debug device throws permission error
This is your rule:
match /reviews/{userId=**} {
allow read: if resource.data.hidingUserId == null
|| resource.data.hidingUserId != userId;
allow delete, update, create: if request.auth != null;
}
Allow read if
resource.data.hidingUserId == null. hidingUserId is an array and is not null. Therefore this will be false.resource.data.hidingUserId != userId. userId is a string, hidingUserId is an array. This should be return true. Your rule should pass (unintended). NB: userId above will contain forward slash.
For this, you should use @Dharmaraj suggestion.
CodePudding user response:
You have a recursive wildcard there /reviews/{userId=**} so the value of userId would be "/userId" and not just "userId" which would return false for sure. Also the hidingUserId seems to be an array so an equality won't work. Try removing the =** as shown below:
match /reviews/{userId} {
allow read: if !(userId in resource.data.hidingUserId);
allow delete, update, create: if request.auth != null;
}