Search code examples
firebasesecuritydartgoogle-cloud-firestorefirebase-security

How To Detect Array Entry Deletion Request In Firestore Rules

I need to delete an entry in an array in one of my documents in firestore (that's a lot of "in's")

The only way to do that (according to this) is through an update request that sets the entry's value to some weird non-number value using FieldValue.arrayRemove(val) or FieldValue.delete().

How do I detect this "hippity hoppity delete your property" value in Firestore rules? Because currently I have it set that you can only write your own UID to that array, and I want it to also allow you to delete your own entry.

My Dart code:

FirebaseFirestore.instance.collection("requests").doc(id).update({"likes." + FirebaseAuth.instance.currentUser.uid: FieldValue.delete()});

My Firestore rules (likes is the array):

rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
  match /requests/{requestID} {
    allow update: if (request.resource.data.likes.hasOnly([request.auth.uid])) && (resource.data.likes.size() + 1 == request.resource.data.likeCount);
        }
    }
}

My firestore: Firestore Pic

Solution

  • You can check if the array that comes in has not the uid and if the size is only one less so it only deleted one and it should be the uid one.

    It should be something like:

    
match /databases/{database}/documents {
    match /requests/{requestID} {
        allow update: if
            resource.data.likes.hasAll(request.resource.data.likes) &&
            resource.data.likes.hasAll([request.auth.uid]) &&
            !request.resource.data.likes.hasAll([request.auth.uid]) &&
            request.resource.data.likes.size() == resource.data.followers.size() - 1          
    }
}