Firebase Security Rules for allow read treats request.resource.data differently than resource.data

Time:12-13

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{user} {
      allow read: if request.auth != null && request.auth.uid == resource.data.owner;
      allow write: if request.auth != null && request.auth.uid == request.resource.data.owner;
    }
  }
}

The above is my working version, but if I switch the allow read line to:

allow read: if request.auth != null && request.auth.uid == request.resource.data.owner;

Then I get a "Missing or insufficient permissions." error when fetching documents.

New to Firestore and I didn't see anything in the documents to suggest this should happen.

Shouldn't resource and request.resource be the same for read requests?

CodePudding user response:

Shouldn't resource and request.resource be the same for read requests?

No, they aren't the same: As explained in the doc, request is the incoming request context and the request.resource value is present on write requests only.

For a read rule, "the resource variable refers to the requested document, and resource.data is a map of all of the fields and values stored in the document" (excerpt from the part of the doc about data validation).
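
As an added example (not code from the question or the answer), here are the question's rules with `allow write` split into `create`, `update` and `delete`, so that each operation checks the document state that exists for it. The single `allow write` rule in the question checks only the incoming `owner` field, so on an update it never compares the caller with the owner already stored. The `update` rule below assumes ownership should not change.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{user} {
      // Read (get, list): there is no incoming document, only the stored one,
      // so the check has to use resource.data.
      allow read: if request.auth != null
                  && request.auth.uid == resource.data.owner;

      // Create: nothing is stored yet, so validate the incoming document.
      allow create: if request.auth != null
                    && request.auth.uid == request.resource.data.owner;

      // Update: the caller must own the stored document, and the incoming
      // document must keep the same owner (assumption: ownership is fixed).
      allow update: if request.auth != null
                    && request.auth.uid == resource.data.owner
                    && request.resource.data.owner == resource.data.owner;

      // Delete: authorize against the stored document.
      allow delete: if request.auth != null
                    && request.auth.uid == resource.data.owner;
    }
  }
}
```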
