Hi
I am new to the community but I have gathered that this is a good place to discuss and learn about Firebase technology, so that’s what I’d like to do.
My first post is about something I have been struggling with recently, and something which has led me to suspect that there’s a bug in the Firestore platform.
To replicate the situation I have, please arrange a Firestore in the formation shown in the images below:




Okay, so to avoid any confusion, all of the data in the Firestore formation above is two sub-collections beneath the chief parent collection.
What I have tried to achieve is for the ‘exclusiveA’ sub-collection to be read by ‘userB’ users, if the value of the ‘creditCard’ (a boolean) is false.
The security rules I wrote are:
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users {
      // if a rule isn't specified, Firestore denies by default
      allow read;
    }
    match /users/{docId}/userA {
      allow read;
    }
    match /users/{docId}/userB {
      allow read;
    }
    match /users/{docId}/userA/{docId2}/exclusiveA/{docId3} {
      // allow read if user: (1) has a uid, (2) has creditcard = false
      allow read: if request.auth.uid != null && get(/databases/$(database)/documents/users/$(docId)/userB/$(docId2)/exclusiveB/$(request.auth.uid)).data.creditCard == false;
    }
    match /users/{docId}/userB/{docId2}/exclusiveB/{xcluB} {
      allow read: if resource.data.uid == request.auth.uid;
    }
    match /users/{docId}/userA/{docId2}/otherDetails/{id} {
      allow read: if request.auth.uid == resource.data.id;
    }
    match /users/{docId}/userB/{docId2}/otherDetails/{id} {
      allow read: if request.auth.uid == resource.data.id;
    }
  }
}
So, despite the Firestore formation above and the security rules above, Firestore’s response is:
[cloud_firestore/permission-denied] The caller does not have permission to execute the specified operation.
Can you help to explain why the get(/databases/) call within the security rules is failing please?
With thanks.
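
Added example, not part of the original post and not Firebase's own code: a small JavaScript model of how the wildcards in the exclusiveA rule bind to a requested path, and which document the rule's get() path then points at. It models path matching only; the document IDs (u1, a1, b1, x1, uid123) are constructed, and the /databases/$(database)/documents prefix is left out.

```javascript
// Added example: models only path matching and $(var) expansion in a rules path.
// Every document ID below is a constructed sample value.

// Bind {wildcard} segments of a match pattern against a concrete document path.
function bind(pattern, path) {
  const p = pattern.split('/').filter(Boolean);
  const d = path.split('/').filter(Boolean);
  if (p.length !== d.length) return null;
  const vars = {};
  for (let i = 0; i < p.length; i++) {
    const m = /^\{(\w+)\}$/.exec(p[i]);
    if (m) vars[m[1]] = d[i];
    else if (p[i] !== d[i]) return null;
  }
  return vars;
}

// Document paths alternate collection/document, so they have an even segment count.
function canMatchDocument(pattern) {
  return pattern.split('/').filter(Boolean).length % 2 === 0;
}

// Expand $(name) references as in the path passed to get().
function expand(template, vars) {
  return template.replace(/\$\(([\w.]+)\)/g, (_, name) => vars[name]);
}

// Pattern and get() path from the post, minus the /databases/$(database)/documents prefix.
const EXCLUSIVE_A = '/users/{docId}/userA/{docId2}/exclusiveA/{docId3}';
const GET_PATH = '/users/$(docId)/userB/$(docId2)/exclusiveB/$(request.auth.uid)';

// Constructed set of documents that exist.
const existing = new Set([
  '/users/u1/userA/a1/exclusiveA/x1',
  '/users/u1/userB/b1/exclusiveB/uid123',
]);

// Which document does get() read for this request, and is it there?
function resolveGet(readPath, uid) {
  const vars = bind(EXCLUSIVE_A, readPath);
  if (!vars) return null;
  const target = expand(GET_PATH, { ...vars, 'request.auth.uid': uid });
  return { target, exists: existing.has(target) };
}

console.log(resolveGet('/users/u1/userA/a1/exclusiveA/x1', 'uid123'));
console.log(['/users', '/users/{docId}/userA', EXCLUSIVE_A].map(canMatchDocument));
```

With these sample IDs the get() path resolves to /users/u1/userB/a1/exclusiveB/uid123, because $(docId2) carries the userA document ID; running the same check with the real IDs shows whether the exclusiveB document the rule reads actually exists.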