Firebase Cloud Firestore Security Rules With Map

1
votes

I have a problem of understanding with the security rules of cloud firestore. I don't understand how to check a user's uid with a map where they can access their data.

Thank you in advance for your answers

enter image description here Here is the rules i have tried

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    //TEST ONLY
    //match /{document=**} {
    //  allow read, write;
    //}
    
    // match logged in user doc in users collection
    match /users/users/{userId} {
      allow create : if request.auth.uid != null;
      allow read : if request.auth.uid == userId;
      
      match /{anything=**} {
        allow read, write : if request.auth.uid == userId;
      }
    }
  }
}

And here an exemple of how i use Firestore :

// Collection reference
final CollectionReference _usersCollection = Firestore.instance.collection('users');

Stream<List<double>> get existingRecord {
  return _usersCollection.document('users').snapshots()
    .map(_existingRecordListFormSnapshot);
}

List<double> _existingRecordListFormSnapshot(DocumentSnapshot snapshot) {
  ...
  double tips = snapshot.data['$uid']['data']['$year']['$month']['$week']['$day']['Tips'];
}

My problem is that I want only the user to have access to their data. For this I made a 'users' document which contains a 'users' map which contains all user data, named with their unique uid. And I am unable to set up the security rules so that only the user has access to his data.

The diagram looks like this: users / users / [{userID}, {userID}, ...]

I don't know if I'm clear but I really can't find how to only allow the user to access their data in the users data map

1
google-cloud-firestorefirebase-security
On Stack Overflow, don't provide pictures of code. Copy the code into the question and format it so that it's easy to read, copy, and search. For security rules, it's also necessary to show the client that matches that rules. Rules by themselves don't mean anything without understanding the specific queries that are intended to allow or deny.Doug Stevenson
I update my post, sorry for the fuzzy questionWilliam Karkegi
I'm still not real clear on what you're trying to do, but you can't use match wildcard to find fields within documents. A match can only refer to a document. You'll probably want each user data to be in a different document using their UID as the doc ID.Doug Stevenson
I will do that ! Thanks a lot for your help !William Karkegi

1 Answers

1
votes

Dont put all the users in the same document, instead you should have one document per user, (with the document's name equal to the Firestore uid for simpler rules).

Then your rule can simply be:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {   
    // match logged in user doc in users collection
    match /users/{userId} {
      allow create : if request.auth.uid != null;
      allow read : if request.auth.uid == userId;
      
      match /{anything=**} {
        allow read, write : if request.auth.uid == userId;
      }
    }
  }
}