I am make security rule for Firebase app with authentication.
I want only user be able access his own user document.
I have this security rule:
match /users/{uid} {
allow read, update: if request.auth.uid == uid;
allow create: if request.auth.uid != null;
}
But when I run client code, it give error:
[Firestore]: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
In client code I check if document with user uid already exist (if it not exist, I write data to firestore):
final QuerySnapshot result = await Firestore.instance
.collection('users')
.where('uid', isEqualTo: user.uid)
.getDocuments();
documents = result.documents;
if (documents.isEmpty) {
…
Why I get this error?
I have read https://firebase.google.com/docs/firestore/security/rules-query and it say db.collection("stories").where("author", "==", user.uid).get()
is valid.