Comparing resource and request resource in firestore

3
votes

I have a simple firestore rule:

allow update: if request.resource.data.reservedBy == resource.data.reservedBy;

my payload in the simulator is

{"name":"/databases/(default)/documents/books/I3dbzzwGJGXnqMQBOxoP","data":{"reservedBy":"Ivanko"}}

and the method is "update". The value of the field 'reservedBy' is completely different in the actual record.

No matter what I do, no matter what i change the payload to, the rule will always return true and allow the update. Is that a bug or am i missing something. Interestingly, if I change "update" to "create", the rule works as expected. Anyone else encountered this?

Thanks.

2
firebasegoogle-cloud-firestorefirebase-security
The simulator has been known to have bugs. Does this work with actual updates?Doug Stevenson
Ah interesting, haven't tested it. My frontend mirrors this rule so a bit tricky to check. I'll write a couple of manual tests and will report back.ivanibash

2 Answers

2
votes

I have been dealing with a similar issue and I found this to be the culprit...excerpt from (https://firebase.google.com/docs/firestore/security/rules-conditions). --For update operations that only modify a subset of the document fields, the request.resource variable will contain the "pending" document state "after" the operation.

1
votes

Just got an answer from the Firebase team saying that it is indeed a simulator bug, and that the rule should work in production.