Firestore security rules - Function exists not found

3
votes

I am developing an application, which uses Firestore as a database. I have a collection of admins, where the id of the documents is the email address of the admin. I want to create a security rule, which enables only admins to create new documents. My current solution looks like this:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{collectionName}/{document=**} {
      allow create: if exists(/databases/$(database)/documents/admins/$(request.auth.email));
    }
  }
}

But when I try to run the admin app, it gives a missing or insufficient permissions error. Furthermore, when I try to test it in the rules playground, it gives the following error:

Error running simulation — Error: simulator.rules line [6], column [24]. Function not found error: Name: [exists].; Error: Invalid argument provided to call. Function: [exists], Argument: ["||invalid_argument||"]

As far as I understand, somehow the exists function is missing and the document id is invalid, but why? It's just a string, isn't it?

2
firebasegoogle-cloud-firestorefirebase-authenticationfirebase-security
Try this : $(request.auth.email).dataKevin M. Mansour

2 Answers

2
votes

If you are trying to get the email associated with the auth request, you have to do it like this: $(request.auth.token.email). You can see details on the structure of the Request.auth object here.

0
votes

There is no option to make a user Admin and give special privileges in realtime database I think it goes the same to the FireStore.

But what you can do is add a field in the user like userType and give it the value Admin whenever an admin Signs up, subsequently you can create rules based on that.