0
votes

Hi people, I need help with enabling users to read everything but not write. And enabling admin to write and read everything.

I have a users collection with documents. Each document has a role: if it's an admin account it says role = 'admin', otherwise it says 'regular'.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if true;
      allow write: if get(/databases/users/documents/users/$(request.auth.uid)).data.role == 'admin';
    }
  }
}

I wrote this but it's not solving anything.

---------UPDATE----------

This was a fix for me, thanks.

get(/databases/$(database)/documents/users/$(request.auth.uid))

But I am still not able to do anything from the client side. I checked in the console with playground mode and the rule is actually fine; it returns true if it's an admin uid. I am guessing it is a client-side problem because it probably doesn't read the uid. Any idea how to fix it?

2 Answers

1
votes

You have a typo in your rules:

get(/databases/users/documents/users/$(request.auth.uid))

should be

get(/databases/$(database)/documents/users/$(request.auth.uid))

1
votes

This worked for me. (Official Firestore Security Docs)

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if true;
      allow write: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == 'admin';
    }
  }
}
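
An added example, not taken from either answer or from the Firebase docs: the same rule with the role lookup moved into a helper that first checks the request is authenticated and that the caller's users document exists. The function name isAdmin is an assumption made here; the users collection and the role values are the ones from the question.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical helper (name chosen for this example).
    // True only when the request carries a signed-in user whose
    // users/{uid} document has role == 'admin'.
    function isAdmin() {
      return
        // Unauthenticated requests have request.auth == null. Checking
        // it first makes that case an explicit "false" instead of an
        // evaluation error on request.auth.uid.
        request.auth != null
        // {database} is the wildcard captured by the match above, so
        // the path must use $(database), not a literal collection name.
        && exists(/databases/$(database)/documents/users/$(request.auth.uid))
        && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == 'admin';
    }

    match /{document=**} {
      // Anyone, signed in or not, can read every document,
      // including the users collection and its role values.
      allow read: if true;

      // Only admins can create, update or delete. Because the wildcard
      // also covers /users, a regular user cannot change their own role.
      allow write: if isAdmin();
    }
  }
}
```

A write sent before the client has finished signing in reaches the rules with request.auth == null, so it is denied even for an admin account, while the same uid entered in the Rules Playground passes.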