firebase google-cloud-firestore firebase-authentication firebase-security

Firestore Multi-Group Permission Management

Can Firestore security rules manage security permissions across multiple groups? For example, suppose there are individual users Group1 and Group2.

Group1 {
  groupId: string
  groupMembers {
    userId: string 
  }
}

Group2 {
  groupId: string
  groupMembers {
    userId: string
  }
}

Is it possible to manage chat permissions shared by two Groups?

Chat1 {
  editerGroupIds: [groupId, groupId]
}

I thought it would be possible if I could loop the List but Firestore did not support it. Any ideas?

Solution

There is no way to loop over things in security rules, as that would never scale. You'll typically want to store the group membership in a way that allows you to implement an in or an exists check in your security rules. So that means you'd keep a collection with UID-keyed documented, or an array with UIDs for your group.

Firebase maximum projects and apps
Firebase auth: Update (not signed in user) password without use 'sendPasswordResetEmail'
Delete all users from firebase auth console
Creating firebase user with authentication information from Salesforce
Is there a way to use Google Firestore client in Python like in the Pyrebase library?
Flutter FirebaseAuth authStateChanges Not Navigating in initState
Firebase User Doesn't Have Constructor?
Firebase realtime database structure in chat app
node-red Firebase send notification
android.security.KeyStoreException: Signature/MAC verification failed
iOS and FirebaseCrashlytics
Will preventing AD_ID permission to be merged affect Firebase functionality?
Is it possible to use Firebase Realtime Database to implement a distributed mutex?
How to implement role based google authentication using Firebase
Firebase JS SDK `findNearest` function for Firestore Vector search
RxJs Compose a list of Observables and then combine (Firebase)
Flutter NSException: Configuration fails. It may be caused by an invalid GOOGLE_APP_ID in GoogleService-Info.plist or set in the customized options
How to setup FastAPI comunication with firestore through Pyrebase4
Best way to store Firebase admin private key file for AWS lambda
Upgraded angular versions and now getting error: "The AppComponent component is not marked as standalone"
QUOTA_EXCEEDED : Exceeded daily quota for email sign-in in spite of using my SMTP settings
Alternate of Authentication create trigger in 2nd Gen - Cloud Functions
firestore: PERMISSION_DENIED: Missing or insufficient permissions
Conditional rendering based on authentication security question
Firebase Authentication Emulator in Flutter on Android: `Logging in as [email protected] with empty reCAPTCHA token`
FireBase notification not working on new installs
is it safe to have 'firebase-messaging-sw.js" in public url
Defining memory for single firebase functions
How to show API error handle inside of react?
firebase login fails to make request to https://auth.firebase.tools/attest