How to query Firestore from client?

0
votes

I am make security rule for Firebase app with authentication.

I want only user be able access his own user document.

I have this security rule:

  match /users/{uid} {
  allow read, update: if request.auth.uid == uid;
  allow create: if request.auth.uid != null;
  }

But when I run client code, it give error:

[Firestore]: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}

In client code I check if document with user uid already exist (if it not exist, I write data to firestore):

final QuerySnapshot result = await Firestore.instance
    .collection('users')
    .where('uid', isEqualTo: user.uid)
    .getDocuments();
documents = result.documents;
if (documents.isEmpty) {
…

Why I get this error?

I have read https://firebase.google.com/docs/firestore/security/rules-query and it say db.collection("stories").where("author", "==", user.uid).get() is valid.

2
firebasegoogle-cloud-firestorefirebase-authenticationfirebase-security
could be that you haven't added the dependencies correctly ?Abby
@Abby Thanks for reply! I have add correctFlutterFirebase

2 Answers

0
votes

Looks like your user is not authenticated when you are doing this request, are you sure that you implemented the authentication engine + authenticated the user first?

0
votes

Your query does not match your rules. The query is asking for all the documents where the document field uid is the same as user.uid. But your rule is allowing read access to documents with the document ID is the same as the user's UID. These are not the same thing. Query is dealing with a document field called uid, and the rules is dealing with the document ID. The query and the rule must match. Since you haven't said anything about the structure of your documents, or what specifically you're trying to achieve, it's not possible to recommend and alternative. In any event, your query must match the rule, or it will fail every time.