I am trying to implement a Firestore check in my Storage rules following:
https://firebase.blog/posts/2022/09/announcing-cross-service-security-rules
The exists function works fine but I keep getting errors on get. I am using the emulators and running firebase-tools 11.17.0
This returns true or false correctly:
function found(datasetId) {
return firestore.exists(/databases/(default)/documents/datasets/$(datasetId))
}
This fails every time:
function shared(datasetId) {
return firestore.get(/databases/(default)/documents/datasets/$(datasetId)).data.meta.privacy == 'public';
}
An error shows up in emulators on initial load and with every request:
com.google.firebase.rules.runtime.common.EvaluationException: Error: /home/max/Projects/test/websites/namespace/test-web/storage.rules line [10], column [24]. Service call error. Function: [firestore.get], Argument: [path_value {
segments {
simple: "databases"
}
segments {
simple: "(default)"
}
segments {
simple: "documents"
}
segments {
simple: "datasets"
}
segments {
simple: "13ypyc346atp3gqywoqB"
}
}
].
The actual rule is very simple, and works fine if I remove the shared function:
allow read: if found(datasetId) && shared(datasetId)
This was bug in firebase-tools that was fixed in v11.19.0
https://github.com/firebase/firebase-tools/releases/tag/v11.19.0
Fixed bug with Cross-Service Rules integration for Firestore documents containing nulls