1
votes

I'm trying to set a rule so that only authenticated users can update, create, write and delete their cat documents. My problem is that I can not create a new document. When I try to add it I get the error message "Error: Missing or insufficient permissions."

The strange part is that I can delete existing documents with this rule.

service cloud.firestore {
  match /databases/{database}/documents {
    match /cats/{catId} {
        allow read;
      allow update, create, write, delete: if resource.data.ownerId == request.auth.uid;
    }
  }
}
1

1 Answers

1
votes

Maybe you are missing request e.g. request.resource.data.ownerId == resource.auth.uid

When writing data, you may want to compare incoming data to existing data. In this case, if your ruleset allows the pending write, the request.resource variable contains the future state of the document. For update operations that only modify a subset of the document fields, the request.resource variable will contain the pending document state after the operation. You can check the field values in request.resource to prevent unwanted or inconsistent data updates

https://firebase.google.com/docs/firestore/security/rules-conditions#data_validation