Firebase rules - user can only edit its data

Question

I have a firebase project and I'm using FirebaseAuth and firebase database.

I only have one collection named baby, with name (String), userId (String), and votes (Integer) attributes. userId contians the user.uid of the creator.

I want to create a rule so that only the creator user can update or delete a document. Anyone can read and a registered user can create.

So I have the follwing rules:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /baby/{userId} {
        allow read;
      allow create: if request.auth.uid != null;      
      allow update, delete: if request.auth.uid == userId;
    }
  }
}

With this, anyone can read, a registered user can create. However, the user with uid=userId can't update. Any one knows where is the problem?

I've checked the database, and the userID attribute of the documents is correct (same as the user uid).

Thanks

Please edit the question to also show the code that isn't working the way you expect. It will be very helpful if you illustrate clearly how you are both adding and updating data. We need to be able to visualize the contents of the database. — Doug Stevenson

Flignats Flignats · Accepted Answer · 2019-10-17T16:31:56

It's most likely that the {userId} is not the document Id, therefore request.auth.uid is not the same as the {userId}

Make sure to specify the document Id when creating the document and it should work as intended.

Firebase rules - user can only edit its data

1 Answers