Why does resource.data in Firestore rules work incorrectly?

Time:06-10

I have an issue with allowing a user to read data with such a rule:


Here I check if the authenticated user is either the sender or the receiver.

Here's a message sample:


Here's the users collection:


The problem is that such a rule does not work. Even with one of the two conditions it fails.

It actually doesn't even see the properties fromUser and toUser in resource.data.

But in tests it allows reading:


Can you please tell me where I am mistaken, because I don't get why I can't access both resource.data.fromUser and resource.data.toUser in Firestore rules? (I am using Firebase authentication via Google.)

CodePudding user response:

If I correctly understand your question and comment, you are facing the limitation that "Rules are not filters".

Your query "must follow the constraints set by your security rules" so it means that it should filter on the fromUser or on the toUser fields, which is not the case with:

firestore.collection("messages").where("access", "==", hashId).orderBy("createdAt")

(Query from your comment above)


Note that your simulation in the "Rules Playground" works because you are fetching one document (by its ID, see field Location), which follows the constraints set by your security rules.


Finally, to make it easier to write your query, I would add in the message doc a field of type Array that contains both the IDs of the fromUser and toUser. This way you can query with array-contains and also simplify your security rule with the in operator.
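The following is an added example, not part of the answer above or of Firebase's code: a simplified JavaScript model of why a single-document read passes the rule while a query that does not filter on the rule's field is rejected outright. The field name `participants`, the sample documents and all function names are assumptions made for illustration.

```javascript
// Simplified model of how Firestore authorizes reads; NOT the real rules engine.
// Rule being modelled (field name `participants` is an assumption):
//   match /messages/{id} {
//     allow read: if request.auth != null
//                 && request.auth.uid in resource.data.participants;
//   }

// Constructed sample documents.
const messages = {
  m1: { access: "h1", participants: ["alice", "bob"], createdAt: 1 },
  m2: { access: "h1", participants: ["bob", "alice"], createdAt: 2 },
  m3: { access: "h2", participants: ["carol", "dave"], createdAt: 3 },
};

// The rule as a predicate over one document.
function ruleAllows(uid, doc) {
  return uid !== null && doc.participants.includes(uid);
}

// get(): a single document exists, so the rule is evaluated on its data.
function getDoc(uid, id) {
  if (!ruleAllows(uid, messages[id])) throw new Error("permission-denied");
  return messages[id];
}

// list/query: the decision is made from the query constraints alone. The
// query is accepted only if its constraints guarantee that every possible
// result satisfies the rule; stored documents are never consulted for this.
function queryIsAuthorized(uid, constraints) {
  return uid !== null && constraints.some(
    ([field, op, value]) =>
      field === "participants" && op === "array-contains" && value === uid
  );
}

function runQuery(uid, constraints) {
  if (!queryIsAuthorized(uid, constraints)) throw new Error("permission-denied");
  return Object.entries(messages)
    .filter(([, doc]) => constraints.every(([f, op, v]) =>
      op === "==" ? doc[f] === v : doc[f].includes(v)))
    .map(([id]) => id);
}

// Real-SDK equivalent of the accepted query:
//   firestore.collection("messages")
//     .where("participants", "array-contains", uid).orderBy("createdAt")
```

In this model the query on `access` alone is denied even though every document it would match lists the caller in `participants`, which mirrors the behaviour described in the question.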
