Firebase Uid VS Document-Id and Firestore Rules

How do I access the document ID in firestore rules

The following rules will be effective on documents of 'All Schools' collection only and not documents of 'Classrooms' sub-collection:

match /All%20Schools/{schoolID} {
  // ...
}

That's why db.collection("All Users").doc(uid).get() works and fetching 'Classrooms' collection fail since you do not have any rules specified for it. Although you had a recursive wildcard earlier (before editing the question), resource object contains data of those documents being matched in 'Classrooms' sub-collection and hence getUserData().school == resource.id failed too.

That being said, try specifying rules for 'Classrooms' sub-collection as well:

match /All%20Schools/{schoolID}/Classrooms/{classId} {
  allow read, write: if getUserData().school == schoolID;
}

Firestore rules to access collection that matches Auth uid

Solved this problem after using the rules playground.

First I didn't have permission to look at the parent document at all, then I gave specific document permission to each user to access the specific child document.
If I add a new child document I will need to add a rule.

service cloud.firestore {
  match /databases/{database}/documents {
    match /UserData/{ID}{
    allow read, write :if request.auth  != null && request.auth.uid == ID;
    // allow users to create and access their parent document
    }
  
    match /UserData/{userId}/randomDocumentName/{doc=**} {
      allow read, write :if request.auth != null && request.auth.uid == userId; // allow read and write to the documents they own
    }
  }
}

Only allow document to be read if ID is known

It's pretty common to do this kind of authorization, and yes, it's possible.
Firestore Security Rules provide to us request.auth.uid which contains the UID of the user making the request or null if it's unauthenticated.

So, you could use that information with an equality operator:

match /proposals/{uid} {
  allow list, update, delete: if false;

  // Allow getting Documents if the Document ID is equal to the currently uid of the authenticated user who is making the request.
  allow get: if request.auth.uid != null && request.auth.uid == uid;
  allow create;
}

You should use get to define rules that will apply when any user is trying to get a document. Note that read is for any type of read request, which includes get and list.

More about Security Rules and Authentication: https://firebase.google.com/docs/rules/rules-and-auth

Firestore Rules, request.auth.uid is not the same as uid I get from firebase auth google signin

First of all, it's not a good idea from a modeling perspective to give each user their own top-level collection. You should instead give them each a document in a single collection (say, "users") then give them subcollecitons under that as needed. You will probably understand why this after you use Firestore for a while, but even if you don't understand now, I suggest you change it to closer to what you see in the documentation.

The rule you have now doesn't work because it doesn't match any documents. You need at least two components to match a document. If you want to match all documents in a collection, you will need another wildcard for that:

rules_version = '2';
service cloud.firestore {
  match /databases/{database} {
    match /{userId}/{docId} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

Firestore Rules matching UID with Document Field not working

Your query does not match your rules. Your rule absolutely requires that the user must only query for specific documents where their UID matches quid field of the document. However, your query doesn't put any requirements on the quid field. It's important to know that Firestore security rules are not filters, and they will not allow a query where there is any possibility of matching a document that does not satisfy the rules as written.

In order to get your query to work, it must specify a filter on the quid field that matches the requirements of the rule.

db.collection('question')
    .where("email", "==", userObject.email)
    .where("quid", "==", uid)

where uid is the UID of the currently signed in user (e.g. firebase.auth().currentUser.uid).


Related Topics

Lazy Property Initialization in Swift

Skaction Completion Handlers; Usage in Swift

Generatesdecimalnumbers for Numberformatter Does Not Work

Making Parts of Text Bold in Swiftui

What Makes a Property a Computed Property in Swift

Getting Clang: Error: Linker Command Failed with Exit Code 1 (Use -V to See Invocation) While Google Signing

Get Signed Integer from Swift String of Binary

Save & Retrieve Tableviewcell Checkmark Using Nsuserdefaults in Swift

Swift Switch Statement Considered All Cases of Int, But Compiler Still Display Error

How to Loop Through an Array from the Second Element in Elegant Way Using Swift

Arkit -Drop a Shadow of 3D Object on the Plane Surface

Extending View with Extra Function Without Using Anyview

How to Make a Button Have a Rounded Border in Swift

How to Change Navigationbar Font in Swift

Swift: How to Get Everything After a Certain Set of Characters

Appearance Proxies/Ui_Appearance_Selector in Swift

Continuously Train Coreml Model After Shipping

Swift: How to Implement a Login Storyboard


Leave a reply



Submit