Intended behavior
The goal is to rework my security rules such that only an authenticated user can read and write the data of that specific user. This is based on the users UID, which is how we identify individual users (this is done from firebase authentication, so not sure what the problem is).
The error
FirebaseError: Missing or insufficient permissions
Any suggestions on what I can do here would be very much appreciated. I haven't been able to find anything applicable in other questions asked.
You need to specify that subcollection in your rules
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
allow read: if request.auth.uid == userId;
match /practitionerClients/{clientId} {
allow read: if request.auth.uid == userId;
}
}
}
}
Whenever you add a new sub-collection like that you should usually have to specify it or add a wildcard rule for that path. So instead of the above rule you could do this
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId}/{document=**} {
allow read: if request.auth.uid == userId;
}
}
}
you can read more here