I am developing an Android app, and using Firebase Auth and Firestore. When I try and write specific rules for the Firestore database, access is denied when I test the app.
When the Firestore rules are set up with:
match /{document=**} {
  allow read, write: if request.auth != null;
}
Access is allowed and documents are returned from this query correctly:
val query4 = auth.currentUser?.uid?.let {
    database.collectionGroup("Notifications")
        .whereArrayContains("users", it)
}
But when I try and use a path, instead of document = **, I get access errors.
Example path:
/UserGroups/{userGroup}/Notifications/{notification}
Errors:
W (24.9.1) [Firestore]: Listen for Query(target=Query( collectionGroup=Notifications where usersarray_containsnBOnzkyoo8dTBrD5W3k4W2yqVdr1 order by name);limitType=LIMIT_TO_FIRST) failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
W (24.9.1) [Firestore]: Listen for Query(target=Query( collectionGroup=Notifications where usersarray_containsUsers/VHJYYIsZIK9XA4bhesGN order by name);limitType=LIMIT_TO_FIRST) failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
I would think I was just writing the path incorrectly, and I might be and just don't see it, but the user ID listed in the second query error does not exist in the database (for at least 24 hours now) or, as far as I can find, anywhere in the code. I am only making one query in the code, which is the first query failure error.
Since a collection group query reads at a collection of that name anywhere in the database, you need to have a rule that allows reading that specific collection name anywhere in the database.
match /{path=**}/{userGroup}/Notifications/{notification}
See the documentation on Collection group queries and Secure and query documents based on collection groups.
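
A complete rules file for the query in the question, as an added example that is not part of the original question or answer. It uses the collection group form given in the Firebase documentation and, as an assumption beyond the answer, limits reads to users listed in each document's `users` array (the field the question's query filters on).

```firestore-rules
// Collection group queries and zero-or-more-segment wildcards need version 2.
rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {

    // Broad rule from the question: every signed-in user can read and
    // write every document in the database. Kept here only for comparison.
    // match /{document=**} {
    //   allow read, write: if request.auth != null;
    // }

    // A fixed path such as
    //   /UserGroups/{userGroup}/Notifications/{notification}
    // covers reads addressed to that path only. A
    // collectionGroup("Notifications") query targets every collection with
    // that name, so it is evaluated against a collection group rule instead.

    // {path=**} matches any prefix, so this rule applies to every collection
    // named Notifications, wherever it sits in the database.
    match /{path=**}/Notifications/{notification} {
      // Assumption: "users" is an array of Firebase Auth UIDs, as implied by
      // whereArrayContains("users", uid) in the question.
      // Rules are not filters: the query must carry the same constraint,
      // otherwise the whole listen fails with PERMISSION_DENIED.
      allow read: if request.auth != null
                  && request.auth.uid in resource.data.users;

      // No write access is granted here; writes need their own rule.
    }
  }
}
```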