firestore security for the update of specific field within document

Question

I have a following data structure as a firestore document and I want to set the security rule to each participants.

{
 event_name: 'XXX',
 created_by: 'userid'
 participants: {
  userid_a: true,
  userid_b: true,
  userid_c: true,
 }
}

participants are set as array-like data to query the collection by using participant's userid. And I am updating the data as a following way

const eventDoc = this.afs.doc('event/' + event_id );
participant_obj = {}
participant_obj[`participant_obj.${user_id}`] = true;
eventDoc.update(participant_obj)

Then, I want to set the security rule that only authorized user can update only to their own participant status.

match /event/{eventId} {
 match /participant_obj {
  allow write: if request.resource.data.keys()[0] == request.auth.uid
 }
}

But it does not work because participant_obj is not the path of document nor path of collection, participant_obj is just a data within a document.

How can I set the security to update the specific field within the document?

Yatima Yatima · Accepted Answer · 2017-12-11T14:36:34

How about like this;

match /event/{eventId} {
  allow write: if request.resource.data.participant_obj.keys()[0] == request.auth.uid 
               && request.resource.data.participant_obj.size() == 1
}

firestore security for the update of specific field within document

1 Answers