FirebaseError: Missing or insufficient permissions (owner)

1
votes

Here are my rules for the firestore.

    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        match /{document=**} {
          allow read, write: if request.auth!=null;
        }
      }
    }

When I set allow read, write: if true; I can access the database. However, when I change it to the code above. I get: FirebaseError: Missing or insufficient permissions.

I have read a lot of questions about this error and the only solution which works is allowing read permissions for everyone (I think this would be bad).

How do I authenticated myself (the owner)? Below is the code used to get the document.

        var firebaseConfig = {
        apiKey: "XXXXXXXXXXXXXXXXXXXXXX",
        authDomain: "XXXXXXXXXXXXXXXXX",
        projectId: "XXXXXXXXXXXX",
        storageBucket: "XXXXXXXXXXXXXXXXX",
        messagingSenderId: "XXXXXXXXXXXXXXX",
        appId: "XXXXXXXXXXXXXXXXXXXX",
        measurementId: "XXXXXXXXXXXX"
        };
        // Initialize Firebase
        firebase.initializeApp(firebaseConfig);
        var db = getFirestore();
        console.log(db)
    
        const docRef = doc(db,"fta-2up-prob", "fta-2up-prob");
        console.log(docRef)
        const snapshot = await getDoc(docRef);
        console.log(snapshot)

As said before this code does work if I allow anyone to read the database. Any advice would be really appreciated even if it seems obvious (I'm extremely new to this).

1
javascriptgoogle-cloud-firestorefirebase-security

1 Answers

0
votes

When you require this for accessing a document if request.auth!=null, you're saying that the user needs to be signed in with Firebase Authentication to access the data. None of your code is signing the user in to Firebase Authentication, so access is denied.

If you want documents in your database to have an owner, you'll have to implement that yourself on top of the database. Have a look at the Firebase documentation on securing content-owner only access for an example of this.

If you want yourself as the owner of the project to have access to all data, that is typically referred to as an application administrator. Firebase has nothing built in for that, but it's pretty easy to build on top. See for an example, my answer here: User conflict when using same Auth method for Admin and Normal users | Firebase Auth