Rules in Firebase with 2 Apps in a single Database / Error with authentication

0
votes

I have 2 apps (admin and clients) using the same firebase database, first configure the admin app, then from the "project configuration" create the clients app in "Add another app".

service cloud.firestore {
  match /databases/{database}/documents {

    match /clients/{document=**} {
      allow read, write: if true;
    }
    match /payments/{document=**} {
      allow read, write: if true;
    }
  }
}

Without setting firebase rules (like the ones indicated above), the 2 apps work fine, I can read, edit, create and authenticate users. The problem happens when I start to set basic rules:

service cloud.firestore {
  match /databases/{database}/documents {

    match /clients/{document=**} {
      allow read, write: if request.auth != null;
    }
    match /payments/{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}

with these rules it works fine in the admin app, but in the clients app it shows an error: ERROR FirebaseError: Missing or insufficient permissions; and does not allow read or write to the database.

1
firebasefirebase-realtime-databasefirebase-authentication
Hi, it would be nice if you could post your rules so we can understand your problem better - Leonardo Ferreira
Hi leonardo, I have an admin app and a client app, both web. So far I am working without rules (allow read, write: if true), this way my 2 web apps work without problem, they connect to the database and authenticate. But, when i start to implement basic rules, like request.auth.uid != null, in my first app it still works, but in the second it gives me the error (ERROR FirebaseError: Missing or insufficient permissions) - PedroA
Instead of providing additional information in comments, please edit your question (there's an edit link right under it) to include the minimal, complete information with which any of us can reproduce where you are stuck (read the link please, as it contains a lot of information that'll make it more likely one of us can help). - Frank van Puffelen
Hello Frank, I already edited the information, I hope I have explained the problem better. Thanks for the help you can give me - PedroA

1 Answers

0
votes

It seems you are using the syntax for Firestore Security rules in realtime database. I am assuming you want to run 2 apps on a single database and want to have different security rules for both. You need to separate the apps data in their own node to do so. Then you can try the following rules:

{
  "rules": {
    "app1": {
      ".read": "auth != null",
      ".write": "auth != null"
    },
    "app2": {
      ".read": true,
      ".write": true
    }
  }
}

Now data of both app1 and app2 will have separate security rules. Just make sure the data is in relevant node.