Search code examples
google-cloud-firestorefirebase-securityrules

In Firestore security rules, does doing request.resource.data() account for first time writes?

match /databases/{database}/documents 
  {
    match /users/{theuser=**}
    {
     match /prescriptions/{prescriptions}
      {
      allow read, write: if
     (request.resource.data.TheClinicianEmail == request.auth.token.email);
      }
}
}

In this example, I am checking the field of "TheClinicianEmail" for the document 'prescription'. When creating this document for the first time, will request.resource.data just be the data that I pass in, since no document exists yet?

await db.collection('users').doc(Theemail).collection('Prescription').add({
           
            TheClinicianEmail: Theemail,
        })

Here I add the field -> TheClinicianEmail, when the document gets created for the first time.

Solution

  • request.resource.data is always the data being passed up by the client (the request).

    resource.data is the data that is already in Firestore, if any.