Firestore security rules: How to validate that a field is undefined?

9
votes

When a user signs up and they initialise their data in firestore, I want to validate that they aren't attempting to set their role (i.e. so they're not setting it to 'admin' for example).

I tried to write this:

match /users/{userId} {
  allow create: if (signedInAs(userId) && !request.resource.data.role) || isAdmin();
  ...

...but I just see "Property role is undefined on object."

Is there a way to do this safely? Or does this mean I should always be initialising expected fields, even if it's just to the empty string? That doesn't seem to quite fit with the philosophy of NoSQL?

2
firebasegoogle-cloud-firestorefirebase-security

2 Answers

30
votes

Use the in operator to find out if a property of an object doesn't exist.

!("role" in request.resource.data)

This yields a boolean. See it in the rules API docs for the Map type.

0
votes

Try with writeFields if other solutions do not work.

!("role" in request.writeFields)