I'm trying to secure my data in Firestore. I have read the documentation and managed to arrange rules for the better part of my db but I struggle with one certain case:
the structure of the data is like this:
collection("connections").document( Uid1 ).collection( Uid2 ).().()
I want to allow access to this whole tree for Uid1 and Uid2. What would be the rule for this functionality?
You should use the recursive wildcard syntax, {name=**}, as explained in the doc.
service cloud.firestore { match /databases/{database}/documents { // Matches any document in the cities collection as well as any document in a subcollection. match /cities/{document=**} { allow read, write: if <condition>; } } }When using the recursive wildcard syntax, the wildcard variable will contain the entire matching path segment, even if the document is located in a deeply nested subcollection. For example, the rules listed above would match a document located at
/cities/SF/landmarks/coit_tower, and the value of the document variable would beSF/landmarks/coit_tower.
Note that you need to use the rules version 2.
Thanks for your answer. I was already using the wildcard syntax before but in this particular case I struggled implementing it together with the "userId" wildcard. But I could figure it out now. Heres my working solution if anyone wants to implement similar structure:
match /connections/{userId}/{document=**} {
allow read: if request.auth.uid == userId;
}
match /connections/{otheruser}/{userId}/{document=**} {
allow read: if request.auth.uid == userId;
}
