Error with Firestore security rules: FirebaseError: Missing or insufficient permissions

1
votes

Intended behavior

The goal is to rework my security rules such that only an authenticated user can read and write the data of that specific user. This is based on the users UID, which is how we identify individual users (this is done from firebase authentication, so not sure what the problem is).

My database structure

enter image description here

My security rules are

service cloud.firestore {
  match /users/{userId} {
   allow read: if request.auth.uid == userId;
  }
}

The error

FirebaseError: Missing or insufficient permissions

Any suggestions on what I can do here would be very much appreciated. I haven't been able to find anything applicable in other questions asked.

My Query

fbDB.collection('users').doc(user.uid).collection('practitionerClients').doc(trackingClientNameCheck).collection("sessions").doc(trackingClientNameCheck + currentTime).set({

    name: trackingClientName,
    timeOfSession: currentTime,
    vocValues: vocValueSaved,
    sudsValues: sudsValueSaved, 
    recallValues: recallValueSaved,
    moodValues: moodValueSaved,
    clientNotes: trackingClientNotes,
    triggeringEventProcessed: trackingTriggeringEvent,
    positiveBelief: trackingPositiveBelief,
    negativeBelief: trackingNegativeBelief

}).then(function() {
    console.log("Document successfully written!");

})

.catch(function(error) {
    console.error("Error writing document: ", error);
});;

*My error

Error getting document: FirebaseError: Missing or insufficient permissions.

    at new t (https://www.gstatic.com/firebasejs/6.2.4/firebase-firestore.js:1:47216)
    
    at t.fromRpcStatus (https://www.gstatic.com/firebasejs/6.2.4/firebase-firestore.js:1:236502)
    at t.fromWatchChange (https://www.gstatic.com/firebasejs/6.2.4/firebase-firestore.js:1:245756)
    at t.onMessage (https://www.gstatic.com/firebasejs/6.2.4/firebase-firestore.js:1:189313)
    at https://www.gstatic.com/firebasejs/6.2.4/firebase-firestore.js:1:188114
    at https://www.gstatic.com/firebasejs/6.2.4/firebase-firestore.js:1:188899
    at https://www.gstatic.com/firebasejs/6.2.4/firebase-firestore.js:1:60566
2
javascriptfirebasegoogle-cloud-firestorefirebase-security
When posting about security rules, your question should also contain the code from the client that is being rejected. We need to be able to see that your rules match your query.Doug Stevenson

2 Answers

2
votes

You need to specify that subcollection in your rules

service cloud.firestore {
  match /databases/{database}/documents {

    match /users/{userId} {
      allow read: if request.auth.uid == userId;

      match /practitionerClients/{clientId} {
        allow read: if request.auth.uid == userId;
      }

    }
  }
}

Whenever you add a new sub-collection like that you should usually have to specify it or add a wildcard rule for that path. So instead of the above rule you could do this

service cloud.firestore {
  match /databases/{database}/documents {

    match /users/{userId}/{document=**} {
      allow read: if request.auth.uid == userId;
    }
  }
}

you can read more here

0
votes

Your rules don't match any documents. You have to retain the match for /databases/{database}/documents that you were given in the initial set of rules, and as shown in the documentation.

service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
     allow read: if request.auth.uid == userId;
    }
  }
}