Firestore security rules allow update if array does not contain uid

0
votes

Regarding Firebase Firestore security rules, I need something like

allow update: if request.auth.uid in resource.data.map

But allow update if map does NOT contain auth.uid.

Thanks for your help.

1
firebasegoogle-cloud-firestorefirebase-security
u want both if present or not? - fatalcoder524

1 Answers

0
votes

The following should do the trick:

  allow update: if !resource.data.map.hasAny([request.auth.uid]);

Corresponding doc: https://firebase.google.com/docs/reference/rules/rules.List

PS: Note that the name of the Array field which contains the uids is map (you get its value through resource.data.map, see https://firebase.google.com/docs/reference/rules/rules.firestore.Resource#data). It may be less error-prone to rename to this field to e.g. uidsArray and do resource.data.uidsArray.hasAny(...)