How do I check the document owner before allow for the user the create ? steps:
- the document is already created by the same owner.
- after that the same owner will try to create property and value inside the doc.
document.owner give me error when publishing.
//only allow create in moviesCommentID/{document} when document is owned by the user
match /moviesCommentID/{document=**} {
allow create: if request.auth != null && document.owner == request.auth.uid;
}
any help is greatly appreciated.
CodePudding user response:
1- Creation
You need to have a field in the Firestore Document you are changing that stores the owner uid
allow create: if request.auth != null && resource.data.ownerUid == request.auth.uid;
2- Update:
Use the same as for "create" (owner is actually the person logged), but also add something to say they cant change the owner to another user
allow update: if request.resource.data.ownerUid== resource.data.ownerUid;
Note that request.resource variable contains the future state of the document
CodePudding user response:
The document variable in your rules is a string with the document ID as its value.
Firestore doesn't have any built-in concept of a document owner. But if you have an owner field in the document's data, you can access that in your rules as resource.data.owner. Also check the Firebase documentation on data validation in security rules.