Firestore Rules: Allow Users only to write to their own document and fields

0
votes

How to Allow Users only to write to their own document and fields in firestore?

NOTICE!
I have changed uid to email instead.

This is rules I have tried but not working: 
 service cloud.firestore {
  match /databases/{database}/documents {

    match /users/request.auth.token.email {
         allow write: if get(path("databases/" + database + "/documents/users/" + request.auth.token.email)).data.uid == request.auth.uid;
    }
  }
}

SEE IMAGE FOR DATABASE HERE

1
javascriptfirebasegoogle-cloud-firestorefirebase-security
I strongly recommend against using email instead of UID. Email addresses can change, but the UID of a user will never change. UID is a far better choice for document ID. - Doug Stevenson

1 Answers

1
votes

THIS WORKED! =)

service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{email} {
       allow update, delete: if request.auth.token['email'] == email;
       allow create: if request.auth.uid != null;
    }
  }
}

NOTICE! This rules will NOT work in test with the FIREBASE SIMULATOR, But it will work for real on my website.