Home > Net >  Firestore rules saying document get function is wrong
Firestore rules saying document get function is wrong

Time:11-06

In my new app there are a series of projects with costs in the firestore. Below is the rules I'm using to secure these documents:

rules_version = '2';

service cloud.firestore {
    match /databases/{database}/documents {
        match /projects/{project} {
            function isSignedIn() {
                return request.auth != null;
            }

            function isAdmin() {
                return isSignedIn() && get(/databases/(database)/documents/users/$(request.auth.uid)).data.isAdmin) == true);
            }

            allow read: if isSignedIn();
            allow create, update, delete: if isAdmin();
        }
    }
}

When I try to deploy this rule set, I get the following errors:

Error: Compilation errors in firestore.rules:
[E] 11:41 - Missing 'match' keyword before path.
[E] 11:51 - Forward slash '/' found where identifier or binding expected.    
[E] 11:52 - mismatched input '(' expecting {'{', '/', PATH_SEGMENT}
[E] 11:62 - Missing 'match' keyword before path.
[E] 11:62 - Unexpected '/documents'.
[E] 11:78 - Forward slash '/' found where identifier or binding expected.    
[E] 11:79 - mismatched input '$' expecting {'{', '/', PATH_SEGMENT}
[E] 11:98 - token recognition error at: '`'
[E] 23:1 - Unexpected '}'.

Basically it doesn't like the get line. But I got this right out of the firestore documentation here. Does anyone have any ideas why this might not work?

CodePudding user response:

You have some small errors:

  1. you have two not needed )
  2. you forgot the $ before the database

try this:

rules_version = '2';

service cloud.firestore {
    match /databases/{database}/documents {
        match /projects/{project} {
            function isSignedIn() {
                return request.auth != null;
            }

            function isAdmin() {
                return isSignedIn() && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isAdmin == true;
            }

            allow read: if isSignedIn();
            allow create, update, delete: if isAdmin();
        }
    }
}
  • Related