Unable to base security rule condition on resource data in Firebase
I am attempting very simple thing and that is matching request.auth.uid to a field value in my transaction documents (like this resource.data.useruid) in Firebase security rule in order to get transactions of a particular logged in user. However, I don't get any documents while querying for them and get an error instead.
This is how the collection looks like - just one document there with useruid field.
The field's value is mapped to the users uid (screenshot taken in the Authentication -> Users tab.
And the rule looks like this
I should get the one document back but every time I query the documents with that user logged in (I am using angularfire2 for those purposes) I get Error: Missing or insufficient permissions.
If I modify the rule condition to return always true or if I only check for truthiness of request.auth.uid I get the query result alright. The funny thing though is that with resource.data involved - eg. checking for value of the amount field in the firebase rule - the condition is never met. I tried to write it like
allow read, write: if resource.data.amount == 3
and got the error again. Seems like I don't get the resource.data Map at all.
I feel like I am missing something obvious, although after reading the guides, it seems alright to me and I am already out of ideas. The debugging capabilities (or lack of) make the whole process very slow.
Could you please explain to me, why I don't get the resource.data Map in the firebase security rule or point me to a place where the problem might be?
You have most probably missed one specific point in the doc: your query fails "because it does not include the same constraints as your security rules". See https://firebase.google.com/docs/firestore/security/rules-query#secure_and_query_documents_based_on_authuid
The following, with your security rules works perfectly:
firebase.auth().signInWithEmailAndPassword("[email protected]", "xxxxx")
.then(function (info) {
db.collection("transactions").where("userid", "==", info.uid).get().then(function(querySnapshot) {
querySnapshot.forEach(function(doc) {
console.log(doc.id, " => ", doc.data());
});
});
});
If you remove the where clause, you get the exact error you are getting
- android.security.KeyStoreException: Signature/MAC verification failed
- iOS and FirebaseCrashlytics
- Will preventing AD_ID permission to be merged affect Firebase functionality?
- Is it possible to use Firebase Realtime Database to implement a distributed mutex?
- How to implement role based google authentication using Firebase
- Firebase JS SDK `findNearest` function for Firestore Vector search
- RxJs Compose a list of Observables and then combine (Firebase)
- Flutter NSException: Configuration fails. It may be caused by an invalid GOOGLE_APP_ID in GoogleService-Info.plist or set in the customized options
- How to setup FastAPI comunication with firestore through Pyrebase4
- Is there a way to use Google Firestore client in Python like in the Pyrebase library?
- Best way to store Firebase admin private key file for AWS lambda
- Upgraded angular versions and now getting error: "The AppComponent component is not marked as standalone"
- QUOTA_EXCEEDED : Exceeded daily quota for email sign-in in spite of using my SMTP settings
- Alternate of Authentication create trigger in 2nd Gen - Cloud Functions
- firestore: PERMISSION_DENIED: Missing or insufficient permissions
- Conditional rendering based on authentication security question
- Firebase Authentication Emulator in Flutter on Android: `Logging in as [email protected] with empty reCAPTCHA token`
- FireBase notification not working on new installs
- is it safe to have 'firebase-messaging-sw.js" in public url
- Defining memory for single firebase functions
- How to show API error handle inside of react?
- Why is signInWithPhoneNumber from @capacitor-firebase/authentication doesn't works Ionic app for iOS?
- Separating Firebase Functions Into Self-Contained "Packages" (Not separate files - entirely separate packages)
- Firebase's Realtime Database's `startAt` isn't working as expected
- Parsing Data From Firebase In React
- Firebase Firestore timestamp not allowed inside array
- How can I solve this Build error in Unity after adding Firebase to the project?
- How to deploy Angular 17 ssr mode on firebase
- how to delete account (multiple select) in firebase users tab?
- Firebase App Distribution: Click download, "Item not found" in Play Store