Rephrased entire question on your suggestion.
I have this setup in my firestore database:
I'd like to query the "incidents" collection and get back all documents that have my ID in the "members" array which is part of each document in the "incidents" collection.
I checked in the "Authentication" that this is in fact my ID.
I've set my rules like so:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /incidents/{document=**} {
allow read, write: if
request.auth.uid in resource.data.members
}
}
}
This is my client-side:
import { collection } from 'firebase/firestore';
const incidentsCollection = collection(db, 'incidents');
onSnapshot(incidentsCollection, (querySnapshot) => {
const fetchedIncidents = [];
querySnapshot.forEach((doc) => {
fetchedIncidents.push({
id: doc.id,
...doc.data(),
});
});
With all of the above I get "permission_denied". What am I doing wrong?
Rephrased entire question on your suggestion.
I have this setup in my firestore database:
I'd like to query the "incidents" collection and get back all documents that have my ID in the "members" array which is part of each document in the "incidents" collection.
I checked in the "Authentication" that this is in fact my ID.
I've set my rules like so:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /incidents/{document=**} {
allow read, write: if
request.auth.uid in resource.data.members
}
}
}
This is my client-side:
import { collection } from 'firebase/firestore';
const incidentsCollection = collection(db, 'incidents');
onSnapshot(incidentsCollection, (querySnapshot) => {
const fetchedIncidents = [];
querySnapshot.forEach((doc) => {
fetchedIncidents.push({
id: doc.id,
...doc.data(),
});
});
With all of the above I get "permission_denied". What am I doing wrong?
Share edited Mar 11 at 13:52 user2826751 asked Mar 11 at 4:22 user2826751user2826751 171 silver badge4 bronze badges 2- 2 Please edit your question to include the client side query you are performing. It's likely that the query you are making doesn't pass your rules - which instantly fails your query because rules are not filters. – samthecodingman Commented Mar 11 at 7:24
- 2 Your rules depend on a client query that we can't see and document data that we can't see, so we don't know what these rules are actually doing with all that. Please edit the question to show code and data in use. We should be able to copy what you show to reproduce the issue ourselves. – Doug Stevenson Commented Mar 11 at 13:07
2 Answers
Reset to default 2Your query is demanding all of the documents in the "incidents" collection, however your rule requires that the client may only request documents where the "members" array field contains a specific string. So the rule is rejecting the query because it's requesting data disallowed by the rule.
Firestore security rules are not filters (you should read and understand this documentation). Your query on the client should contain a filter that requests only the documents allowed by the rule, which means you should have an "array-contains" filter on the "members" field.
For anyone landing on this you need to put the collection inside of query as well when using getDocs I believe.
import { collection, getDocs, query } from 'firebase/firestore';
const q = query(collection(db, 'incidents'), where('assignedUsers', 'array-contains', userStore.userId));
const querySnapshot = await getDocs(q);
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1744814150a4595225.html
评论列表(0条)