Firestore Query Not Working according to the security rules

0
votes

I am using Cloud Firestore and i am trying to change my security rule.This is the condition I want

Only users whose phone number is in any documents in the Teacher collection can read the only his/her documents inside the Teacher collection

Here is code i have written

    rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /Teachers/{teachers}{
    allow read: if((resource.data.mobno == request.resource.data.mobno) )
  allow update:if((request.resource.data.mobno == resource.data.mobno))


  }        


      }
    }

This is the client side query

 Teacherref = FirebaseFirestore.getInstance().collection("Teachers");      
Teacherref.whereEqualTo("mobno",mobilecredential).get().addOnSuccessListener(new OnSuccessListener<QuerySnapshot>() {
            @Override
            public void onSuccess(QuerySnapshot queryDocumentSnapshots) {
                if(!queryDocumentSnapshots.getDocuments().isEmpty()){
                    for(QueryDocumentSnapshot data:queryDocumentSnapshots){
                        teacherdata=data.toObject(TeacherLoginModel.class);
                        if(TextUtils.isEmpty(teacherdata.getStatus()))signinuser(data);
                        else if(teacherdata.getStatus().equals("signout"))signinuser(data);
                        else {Toast.makeText(Signin.this, "You Are Already logged In Different Phone", Toast.LENGTH_SHORT).show();
                            predialog.dismiss();}
                    }
                }
                else{
                    predialog.dismiss();
                    Toast.makeText(Signin.this,"Please Check Your Credentials ", Toast.LENGTH_SHORT).show(); }
        }
    }).addOnFailureListener(new OnFailureListener() {
        @Override
        public void onFailure(@NonNull Exception e) {
            Toast.makeText(Signin.this, e.getMessage(), Toast.LENGTH_SHORT).show();
        }
    });

enter image description here

1
firebasegoogle-cloud-firestorefirebase-security
Are you getting any error? Or the app is not working as you want? - Dharmaraj
Its showing Permission denied - Abhishek Agarwal
Can you try using this path? DocumentReference Teacherref = FirebaseFirestore.getInstance().document("Teachers/"+<current_user_uid>); instead of whereEqualTo? I am assuming this query is done by the user itself. Then use the if-exists logic? - Dharmaraj
It will not work as the person is not login yet actually only those teacher can signup in the app whose no is already there in the database.thats why i am first check whether the number entered by the user exist in the database or not and if its exist he can signup - Abhishek Agarwal
If you want your non-authenticated user's to somehow access your app, I'll strongly suggest you to use Firebase cloud functions. When a user enter's a phone number, create a node of that phone number in Firebase realtime database and then further use an onCreate() trigger to function your app. This way you won't have to worry about the Firestore rules and also your database paths from your clients. - Dharmaraj

1 Answers

0
votes

As you will read in the documentation, request.resource corresponds to "the new resource value, present on write requests only".

So you cannot use request.resource in a read rule.