0
votes

I have got the following:

match /direct/{postId} {
   allow read, write: if postId.includes(request.auth.uid);
}

However, I would like to only allow read, write if the document ID (postId) contains the string. .includes is not working for me in security rules.

Edit: it should match a substring instead of the entire document id

Edit 2: https://imgur.com/hGTa9Iw collection called direct where each document ID is a string which contains 2 UIDs in its name.

Any help would be appreciated. Thanks.

1
Try with equals to. - Durgesh Kumar
Are you trying to find out if request.auth.uid is exactly equal to postId, or just a substring? A substring match seems kind of strange here. - Doug Stevenson
it should match a substring instead of the entire document id - user812039
Please edit the question to show the specific query you're trying to allow with these rules that isn't working the way you expect. It would help to see the actual data as well. Rules by themselves don't mean anything unless paired with queries and data. - Doug Stevenson
OK, I've made the edits - user812039

1 Answer

4
votes

The document ID is a string, and as far as I can see the String class in security rules doesn't have an include method.

It does have a matches method though, so you can use that to test whether the document ID contains a substring with a regular expression.

Something like:

match /direct/{postId} {
   allow read, write: if postId.matches(request.auth.uid);
}

A working read where the postId matches the UID of the user:

[screenshot]

Trying to read another document:

[screenshot]

Update: to test for a substring:

  allow read: if postId.matches(".*"+request.auth.uid+".*");
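
Added example, not part of the original answer: a JavaScript model (not the Firestore rules engine) of the substring rule above next to a stricter membership check, showing that `".*"+uid+".*"` also admits UIDs that are only a fragment of a participant's UID, and that the UID is interpreted as a regular expression. The `_` delimiter, the sample UIDs, and the function names are assumptions; the page does not say how the two UIDs are joined.

```javascript
// JavaScript model of the rule conditions; constructed sample data throughout.

// rules.String.matches(re) tests the WHOLE string, so model it with anchors.
function rulesMatches(str, re) {
  return new RegExp("^(?:" + re + ")$").test(str);
}

// The answer's substring rule: postId.matches(".*" + request.auth.uid + ".*")
function substringRule(postId, uid) {
  if (!uid) return false; // no signed-in user: the rule cannot evaluate, access is denied
  return rulesMatches(postId, ".*" + uid + ".*");
}

// Stricter variant. In rules syntax (assuming a "_" delimiter):
//   allow read, write: if request.auth.uid in postId.split('_');
function memberRule(postId, uid) {
  if (!uid) return false;
  return postId.split("_").includes(uid);
}

// Constructed document ID: two UIDs joined by the assumed "_" delimiter.
const postId = "alice123_bob456";

// Evaluate both rules for participants, over-matching UIDs, and an outsider.
function demo() {
  const uids = [
    "alice123", // participant
    "bob456",   // participant
    "alice",    // fragment of a participant's UID
    "bob45.",   // "." is treated as a regex wildcard by matches()
    "carol789", // unrelated user
  ];
  return uids.map((uid) => ({
    uid,
    substring: substringRule(postId, uid),
    member: memberRule(postId, uid),
  }));
}

console.table(demo());
```

The membership check only grants access when the signed-in UID equals one of the delimited parts of the document ID, so it does not depend on UIDs having a fixed length or being free of regex metacharacters.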