
I have a Firestore database structured like this:

:stores 
   | 
   $Store       
   :orders
        |
        $Order
        :items

I want to read orders from my database as a user whose request.auth.uid is the same as the store's workerUid, but I get the error: Missing or insufficient permissions.

The important part of my firebase rules:

service cloud.firestore {

  match /databases/{database}/documents {

        // Matches any document in the stores collection; {store} binds the store's document id.
        match /stores/{store} {

            // Intended check: uid equals the adminUid field of this store's document.
            // NOTE(review): the get() path has no /databases/$(database)/documents prefix,
            // which get() requires, so it does not point at the store document. Expected
            // form: /databases/$(database)/documents/stores/$(store).
            function isStoreAdmin(uid) {
                return get(/databases/stores/$(store)).data.adminUid == uid;
            } 

            // Intended check: uid equals the workerUid field of this store's document.
            // NOTE(review): same missing path prefix as in isStoreAdmin.
            function isStoreWorker(uid) {
                return get(/databases/stores/$(store)).data.workerUid == uid;
            }

            // Any signed-in user may read every store document, which includes its
            // adminUid and workerUid fields.
            allow read: if request.auth.uid != null;
            // Writes are compared against the adminUid of the stored document (resource.data).
            // NOTE(review): no condition limits which fields a write may change, so the
            // admin can reassign adminUid/workerUid; a create has no stored document to
            // compare against - confirm how stores are meant to be created.
            allow write:  if request.auth.uid == resource.data.adminUid;

            // Matches every document under this store's orders collection. {document=**} is a
            // recursive wildcard, so the rule also covers documents nested below an order.
            match /orders/{document=**} {
                // Read and write for the store's admin or worker; both checks depend on get().
                allow read, write:  if isStoreAdmin(request.auth.uid) || isStoreWorker(request.auth.uid);
            }
        }
    }
}

Funny thing is, that it works if I do this:

// Variant the author reports as working: only the worker check is evaluated, so this
// rule does not grant the store admin access to orders.
match /orders/{document=**} {
    allow read, write:  if isStoreWorker(request.auth.uid);
}

or this:

// Variant the author reports as working.
// NOTE(review): "request.aut" is presumably a typo for "request.auth" - confirm.
// Read as intended, the condition only requires a signed-in user, so it gives read and
// write on every order to any authenticated account, whatever its relation to the store.
// Suitable for narrowing down the failure, not as the deployed rule.
match /orders/{document=**} {
    allow read, write:  if request.aut.uid != null;
}

When deploying the rules I get no syntax error so I really can't understand why this is not working. Does anyone have any ideas? Thank you so much!

Edit:

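/**
 * Reads every document of a collection and hands each one to `callback`.
 *
 * @param {object} collectionReference - Object whose `get()` returns a promise for a
 *   snapshot that exposes `forEach`.
 * @param {function(string, object): void} callback - Called once per document with the
 *   document id and its data.
 * @param {function(): void} finishedCallback - Called once after all documents have been
 *   passed to `callback`; it is not called when the read fails.
 * @returns {Promise<void>} Resolves after `finishedCallback` has run and rejects with the
 *   error from `get()` (for example a denied read) or from one of the callbacks.
 */
function readAllDocuments(collectionReference, callback, finishedCallback) {
    // Return the chain instead of dropping it, so a rejected read (such as
    // "Missing or insufficient permissions") reaches the caller, who can log or handle it.
    return collectionReference.get().then((querySnapshot) => {
        querySnapshot.forEach((doc) => {
            callback(doc.id, doc.data());
        });
        finishedCallback();
    });
}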

// Resolve the orders subcollection of the selected store.
const storeDocument = getRootCollection(STORES_COLLECTION_ID).doc(storeId);
const orderCollection = storeDocument.collection(STOREORDERS_COLLECTION_ID);

// Start from an empty map and fill it with one entry per order, keyed by document id.
// This reads the whole subcollection in one get(), so the security rules for the orders
// path have to allow the read for this user, otherwise the get() is rejected.
orders = new Map();
readAllDocuments(
    orderCollection,
    (id, data) => {
        orders.set(id, data);
    },
    () => {
        finishedLoading();
    },
);
Please edit your question to include the code that triggers the error. - Frank van Puffelen
@FrankvanPuffelen: Please see my edit. But I am quite sure that the mistake has to be in the rules somewhere. - progNewbie

1 Answers


The documentation for use of get() in a security rule states:

...the path provided must begin with /databases/$(database)/documents

Make these changes to the get() paths:

// True when uid equals the adminUid field of the store document.
// The get() path is the full document path, starting with /databases/$(database)/documents;
// $(database) and $(store) come from the wildcards of the enclosing match statements.
function isStoreAdmin(uid) {
    return get(/databases/$(database)/documents/stores/$(store)).data.adminUid == uid;
} 

// True when uid equals the workerUid field of the store document, read through the
// full /databases/$(database)/documents/... path that get() requires.
// The check trusts whatever is stored in that field, so write access to the store
// document decides who can pass it.
function isStoreWorker(uid) {
    return get(/databases/$(database)/documents/stores/$(store)).data.workerUid == uid;
}