Firestore Security Rules

0
votes

I'm using Firebase and have the following schema for users:

{
     "uid": "randomUID",
     "domain": "@domain1"
}

and I have a collection domains containing all the domains of users like so:

{
    "@domain1": {
                    "uid": "randomUID"
                }
}

I'm trying to use Firestore security rules in order to prevent creation of new users that have the same domain as a pr-existing. This is what I have so far:

service cloud.firestore {
    match /databases/{database}/documents {
        match /users/{Id} {
         allow read: if true;
         allow create: if exists(/databases/$(database)/documents/domains/$(resource.data.domain)) == false;
  }
}

But it doesn't work. I've also tried the following combinations of the allow create rule but none of them worked:

if !exists(/databases/$(database)/documents/domains/$(resource.data.domain));

and

if !exists(/databases/$(database)/documents/domains/$(request.resource.data.domain));

Any ideas or suggestions? Debugging the security rules is tricky since there's no debugger yet.

1
firebasegoogle-cloud-firestorefirebase-security

1 Answers

-2
votes

First, you cannot access resource without first accessing request. Then, when you're using

if !exists(/databases/$(database)/documents/domains/$(request.resource.data.domain));

you try to look for the domain of the user you are about to create. So far it may work. But are you sure the value of request.resource.data.domain absolutely equals to the path of the domain you've created?

Because if you did it using the add(...) method to add new domains, then those values won't be the same.