Home > database >  firebase firestore security rules without authed user
firebase firestore security rules without authed user

Time:12-01

I'm developing a simple ecommerce website using firebase, using firestore database. Whenever a customer buys a product, I want to trigger an email using the trigger email function and also save details of the sale in another firestore database.

All was working well with 'if true' firestore security rules, but now that I have deployed, my rules keep getting changed to

allow create: if request.auth.uid == request.resource.data.author_uid;
allow update, delete: if request.auth.uid == resource.data.author_uid;

and all my database writes fail due to missing or insufficient permissions.

As far as I understand it, this means that writes to the database are not allowed unless an authorized user is signed in.

I do not want customers to have to register and sign in to be able to buy from the site. How can I do database writes when nobody is logged in?

I've tried using anonymous users, but I do not fully understand the rules documentation.

Not sure if it's relevant, but I'm using vue.js and the site is hosted with firebase too.

CodePudding user response:

"my rules keep getting changed to"

This likely means that you have a firestore.rules file that gets deployed when you run firebase deploy. If this is the cause, you can remove the reference to that rules file from your firebase.json file.

As said in the documentation on updating and deploying your security rules through the Firebase command-line interface:

Note: When you deploy security rules using the Firebase CLI, the rules defined in your project directory overwrite any existing rules in the Firebase console. So, if you choose to define or edit your security rules using the Firebase console, make sure that you also update the rules defined in your project directory.

  • Related