3
votes

When a user signs up, the application saves the user in Firestore with the same uid generated for Firebase authentication. Now I am trying to write a security rule for a separate collection (not the user collection) where read and write operations are allowed to the requester only if that requester has the isAdmin field set to true. As you can see in the images, even when the path is correct in the get() function, I got a non-existent error. What could cause this error?

I tried many variations of the path, changing the collection, lowercasing everything, etc. I could not find anything about this on Google, and the official documentation shows the usage the same way I use it.

The security rule:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /user/{user} {
      allow read,write: if true
    }
    match /akarmi/{akarmiId} {
      allow read, write:
      if get(/databases/$(database)/documents/user/$(request.auth.uid)).data.isAdmin == true
    }
  }
}

I expect this code to run and allow or disallow access and not throw a nonexistent error.

2
Did you try to put your request.auth.uid into [ ]? Like this: if get(/databases/$(database)/documents/user/$([request.auth.uid])).data.isAdmin == true - Constantin Beer
Just tried it, and it's not a known syntax, I think... Error running simulation — Error: simulator.rules line [11], column [8]. Function not found error: Name: [get].; Error: Invalid argument provided to call. Function: [get], Argument: ["||invalid_argument||"] - Nándor Szűcs
Could it also occur because you are using the simulator? Did you try to send a request to Firestore from your client? - Constantin Beer
I had to write some actual code for that, but no, it's still not working as it should. I tried it with allow read: if true and the code I wrote is working, I get the data, but that get function is still not good. I don't know why. - Nándor Szűcs
Please edit the question to show the code of the database query that's not working the way you expect with these rules. Rules are not meaningful without also knowing the requests that they allow or deny. - Doug Stevenson

2 Answers

5
votes

I solved my problem with the following configuration:

You have to set up a real Firebase UID to use the simulator. The actual UID solved the problem; the error message was very misleading.

1
votes

The response from Yoann above helped me.

I had to provide the user name to the simulator. This allowed testing with get() and exists() functions and to check against the user roles in the DB entries.
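An added example (not code from the question or from either answer): the same admin check written so that it denies cleanly when the requester is unauthenticated or has no user document, instead of failing inside get(). It also tightens the /user rule, because with `allow read,write: if true` any client can write the isAdmin field the check depends on. Assumptions: the `isAdmin()` function name is illustrative, and isAdmin is only ever set to true from a trusted backend (for example the Admin SDK, which is not subject to these rules).

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True only for a signed-in requester whose /user/{uid} document exists
    // and carries isAdmin == true. The && chain short-circuits, so get() is
    // never evaluated with a null request.auth or against a missing document.
    function isAdmin() {
      return request.auth != null
        && exists(/databases/$(database)/documents/user/$(request.auth.uid))
        && get(/databases/$(database)/documents/user/$(request.auth.uid)).data.isAdmin == true;
    }

    match /user/{userId} {
      // A user may read their own profile; admins may read any profile.
      allow read: if request.auth != null
        && (request.auth.uid == userId || isAdmin());

      // A user may create their own profile, but not as an admin.
      allow create: if request.auth != null
        && request.auth.uid == userId
        && request.resource.data.get('isAdmin', false) == false;

      // A user may update their own profile, but may not touch isAdmin.
      allow update: if request.auth != null
        && request.auth.uid == userId
        && !request.resource.data.diff(resource.data).affectedKeys().hasAny(['isAdmin']);

      // No client-side deletes (assumption: removal is handled by the backend).
      allow delete: if false;
    }

    match /akarmi/{akarmiId} {
      // Same intent as the rule in the question, with the guards above.
      allow read, write: if isAdmin();
    }
  }
}
```

When checking this in the simulator, enable authentication and enter a UID that has a matching document in the user collection, as both answers describe.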