Search code examples
flutterfirebasegoogle-cloud-platformgoogle-cloud-firestorefirebase-security

Does firestore rules validate every time when data receive?

Does firestore rules validate every time when data receive? Or only when the listener create?

Data structure

- users
  - user1
    isAllowToReadMessage: true

- messages
  - message1
    content: "Hello"
  - message2
    content: "How are you doing"

And rules

match /messages/{messageId} {
   allow list: get(/databases/$(database)/documents/users/$(request.auth.uid)).isAllowToReadMessage;
}

Let's say a user add a listener on /messages, But if isAllowToReadMessage changed to false after the listener added, Will user still receive newest message?

_profileRepository.collection("messages")
            .doc(_firebaseAuth.currentUser!.uid)
            .snapshots()
            .listen((snapshot) {});
Solution

  • Let's say a user adds a listener on /messages. But if isAllowToReadMessage changes to false after the listener is added, will the user still receive newest messages?

    The answer is NO: The user will stop receiving messages if the Security Rules change in such a way they prevent him/her from reading the docs of the collection.

    In addition note that there is an error in your security rule syntax. You should use the data property as follows:

    match /messages/{messageId} {
   allow list: get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isAllowToReadMessage;
}