I am trying to create some rules for my Firestore database. When I run these rules in the simulator on the Firebase console, everything works fine. Yet when I deploy the rules and try it out on my website, I get a permission denied error in the console.
The data I am trying to access is stored like this:
1. /teams/{teamId}
2. /teams/{teamId}/boards/{boardId}
where {teamId} and {boardId} are auto-generated IDs:
E.g.:
/teams/JTUrZcqz9Z20JuyCCcnV
/teams/JTUrZcqz9Z20JuyCCcnV/boards/OfcLPZItCk6Li7OeXwwt
I am trying to iterate through all of these children.
firestore.rules:
    match /teams/{teamId} {
      allow read: if isMemberOfTeam(teamId);
      allow write: if true; // memberOfTeam(teamId);
      match /boards/{boardID} {
        allow read: if memberOfTeam(teamId) || boardIsPublic(teamId);
        allow write: if memberOfTeam(teamId);
        match /{document=**} {
          allow read: if memberOfTeam(teamId) || boardIsPublic(teamId);
          allow write: if memberOfTeam(teamId);
        }
      }
      match /{document=**} {
        allow read: if isMemberOfTeam(teamId); // memberOfTeam(teamId);
        allow write: if true; // memberOfTeam(teamId);
      }
    }
    function isMemberOfTeam(teamId) {
      return get(/databases/$(database)/documents/teams/$(teamId)).members[request.auth.uid].isMember;
    }
    function boardIsPublic(teamId) {
      return get(/databases/$(database)/documents/teams/$(teamId)).data.isPublic;
    }
Code in website:
Firestore query:
    ref.where('members.' + user.uid + '.isMember', '==', true)
All code:
    this.teamsCollection = this.auth.user$.filter(user => user != null)
      .map(user => this.afs.collection<TeamsInterface>('teams', ref => ref.where('members.' + user.uid + '.isMember', '==', true)))
      .shareReplay(1);
    this.$teams = this.teamsCollection.switchMap(collection => collection.snapshotChanges().map(actions => {
      return actions.map(a => {
        const data = a.payload.doc.data() as TeamsInterface;
        data.id = a.payload.doc.id;
        return data;
      });
    }));
Error I get in console:
Missing or insufficient permissions.