I've been writing security rules for my app and I've come across a spot of confusion. In the docs it says that using a get() call in security rules count as a read and you are limited to 10 per request. In my rules I've been using .get() so if some incoming data isn't defined, it doesnt break my rules and I can type check it. Here's an example.
function incomingData(){
return request.resource.data
}
function isUserIsAuth(){
return request.auth != null
}
function isUserOwner(userID){
return request.auth.uid == userID
}
function isString(data){
return data is string || data == null
}
function isBool(data){
return data is bool || data == null
}
function isNumber(data){
return data is number || data == null
}
function validateUserTypes(){
return isBool(incomingData().get("social_status", null)) &&
isBool(incomingData().get("tag_status", null)) &&
isNumber(incomingData().get("num_photos", null)) &&
isString(incomingData().get("first_name", null)) &&
isString(incomingData().get("last_name", null)) &&
isString(incomingData().get("location", null)) &&
isString(incomingData().get("caption_text", null)) &&
isString(incomingData().get("uid_auth", null)) &&
isString(incomingData().get("uid_instagram", null)) &&
isString(incomingData().get("uid_snapchat", null)) &&
incomingData().get("gender", null) in ["Male", "Female", "Other", "Prefer Not To Say"]
}The .get() method allows me to type get without worrying if the data is defined on the request or not. My question is, would this .get() method use reads?
Thanks!
No. The documentation is referring to the top-level function get() that read a documents, not the Map object method get() that you're using here.