Set Cloud Firestore rules to access same admin account from staff account
I created an ERP Flutter app, with multiple "shops", where Admins account can add staff members and this staff can manage some Firebase collections on their behalf. So, the idea is that staff should login the same account of the Admin, or at least, read and write the same collections.
The problem I am facing is that "users" collection has multiple "Admin". Each Admin assigned to a shop. I need help in setting up the Firestore rules to allow only "staff ID" included in "staff" array from that particular Shop/Admin document to read and write permission.
As the screenshot below:
- each Admin has a "staff" array with staff ID;
- staff are also saved inside the users collection;
- staff needs to access the "Category" and "InventoryCat" collections.
Maybe I am doing this wrong, and I need to set "Category" and "InventoryCat" as independent collections not released to the Admin, and share same "reference" across Admin and staff of the same shop?
Stream to call collection "categories:
StreamBuilder(
stream: _services.userRef.doc(_services.getUserID()).collection(_collectionName).orderBy('name').snapshots(),
builder: (context, snapshot) {
The following rules should do the trick: We check if the Id of the user is within the staff array OR if the user's ID is the parent collection ID (i.e. the user is the Admin himself):
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId}/Categories/{catId} {
allow read: if request.auth != null && (request.auth.uid in get(/databases/$(database)/documents/users/$(userId)).data.staff || request.auth.uid == userId);
allow write: ...
}
}
}
Note that the above rule is only for the Categories subcollections, you need to declare the same one for InventoryCat and daily_production subcollections.
- How to get a specific value in firebase-realtime-database in swift 4.0
- Firebase maximum projects and apps
- Firebase auth: Update (not signed in user) password without use 'sendPasswordResetEmail'
- Delete all users from firebase auth console
- Creating firebase user with authentication information from Salesforce
- Is there a way to use Google Firestore client in Python like in the Pyrebase library?
- Flutter FirebaseAuth authStateChanges Not Navigating in initState
- Firebase User Doesn't Have Constructor?
- Firebase realtime database structure in chat app
- node-red Firebase send notification
- android.security.KeyStoreException: Signature/MAC verification failed
- iOS and FirebaseCrashlytics
- Will preventing AD_ID permission to be merged affect Firebase functionality?
- Is it possible to use Firebase Realtime Database to implement a distributed mutex?
- How to implement role based google authentication using Firebase
- Firebase JS SDK `findNearest` function for Firestore Vector search
- RxJs Compose a list of Observables and then combine (Firebase)
- Flutter NSException: Configuration fails. It may be caused by an invalid GOOGLE_APP_ID in GoogleService-Info.plist or set in the customized options
- How to setup FastAPI comunication with firestore through Pyrebase4
- Best way to store Firebase admin private key file for AWS lambda
- Upgraded angular versions and now getting error: "The AppComponent component is not marked as standalone"
- QUOTA_EXCEEDED : Exceeded daily quota for email sign-in in spite of using my SMTP settings
- Alternate of Authentication create trigger in 2nd Gen - Cloud Functions
- firestore: PERMISSION_DENIED: Missing or insufficient permissions
- Conditional rendering based on authentication security question
- Firebase Authentication Emulator in Flutter on Android: `Logging in as [email protected] with empty reCAPTCHA token`
- FireBase notification not working on new installs
- is it safe to have 'firebase-messaging-sw.js" in public url
- Defining memory for single firebase functions
- How to show API error handle inside of react?