firestore rules with custom functions error

2
votes

I'm trying to create a rule to allow certain functions in my firestore db (I worked with firebase since 3 months ago, I'm really new in this). The main idea is to find the _key of the user profile that I have stored in an user document. Then, search all the permissions allowed in the user-profiles document with the id that I found before. If I found the permission, I'd get access to the function

service cloud.firestore {
  match /databases/{database}/documents {

    function getPermisos(idPermiso){
    return get(/databases/{database}/documents/user-profiles/$(idPermiso)).data;
    }

    function getUserType(){
    return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.profile._key ;
    }


    match /proyectos/{document=**}{
    allow list,get: if getPermisos(getUserType()).acessList.proyectos==true;
    }


  }
}

Is this the right way to make it? Thanks in advance for any help

1
firebasegoogle-cloud-firestorefirebase-security

1 Answers

0
votes

You don't query rules for accessibility. You can define a collection of accessLevels where each document represents your various access types such as "admins", "groupone", "grouptwo", etc. see documentation

Control Access with Custom Claims and Security Rules

The Firebase Admin SDK supports defining custom attributes on user accounts. This provides the ability to implement various access control strategies, including role-based access control, in Firebase apps. These custom attributes can give users different levels of access (roles), which are enforced in an application's security rules.

User roles can be defined for the following common cases:

  • Giving a user administrative privileges to access data and resources.
  • Defining different groups that a user belongs to.
  • Providing multi-level access:
  • Differentiating paid/unpaid subscribers.
  • Differentiating moderators from regular users.
  • Teacher/student application, etc.
  • Add an additional identifier on a user. For example, a Firebase user could map to a different UID in another system.