Firestore security rules based on role

0
votes

I've written those Firestore security rules to allow only users who are approved, work with data:

service cloud.firestore {
  match /databases/{database}/documents {

    match /bikes/{document} {

     function getRole(role) {
        return get(/databases/$(database)/documents/employees/$(request.auth.uid)).data.isApproved
      }

      allow read: if getRole() == true;
      allow write: if getRole() == true;

    }
  }
}

But getting this error

core.js:12501 ERROR Error: Missing or insufficient permissions. at new FirestoreError (index.cjs.js:346)

Whats wrong?

Extra code:

1) Firestore record

1) Angular code

getUserData() {
    this.afAuthState.authState.subscribe(user => {
      console.log(user)
      console.log("user uid")
      console.log(user.uid)
      if (user) {
          this.dao.getEmployeeByUID(user.uid).subscribe( res => {
            if (res) {
              console.log(res)
              this.employee = res
              this.role = this.employee.role
            }
            else console.log("please ask the admin for confirmation")
          })
        }
        else console.log("please login")
      })
  }

When I apply rules, I couldnt fetch this (getEmployeeByUID) data. when there are no rules - its fine

1
angulargoogle-cloud-firestoreangularfire2firebase-security
Please edit your question to include the minimal standalone code with which you trigger this error. It would also be good to see the document where the role for the user is defined. See how to create a minimal, complete, verifiable example. - Frank van Puffelen

1 Answers

0
votes

Your rule is looking for matches under a collection called docs, but you have no such collection. It seems your rule should be placed on the collection called employees.