I have a document named 'PublicList' that can be read by anyone in a collection. However I want to allow read to the rest of the documents in that collection only if request.auth != null. However it is not working.
This is the code:
match /users/{user} {
allow read: if user == 'PublicList';
allow read, write: if user != 'PublicList' && request.auth != null;
}
I think the second read will override the first. Can you try this?
match /users/{user} {
allow read: if (user == 'PublicList' || (user != 'PublicList' && request.auth != null));
allow write: if user != 'PublicList' && request.auth != null;
}
'PublicList' can be read by everyone. Any other document can be read by authenticated users only.
No documents can be written except 'PublicList' and that too by an authenticated user.