I’m trying to write storage rules in Firebase. There are 3 levels of user in my app: admin, agent, and client.
A client should be able to write to their own ‘Request’
Admins can read everything
Agents can read their client’s ‘Requests’
Please note I’m putting ‘Request’ in quotes because it’s an app-specific entity, not a database request
The problem is that once I set any kind of restrictions, the app breaks completely.
Here’s the issue: When permissions are wide open, the client can write with no problem:
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /requests/{requestId}/{allPaths=**} {
      allow read, write: if request.auth != null;
    }
  }
}
But, the moment I add read rules, even read rules that don’t affect the client, the permissions break for the client.
Here are the rules I put in place:
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /requests/{requestId}/{allPaths=**} {
      // Allow read access for agents managing the client, and admins
      allow read: if request.auth != null
                  && (request.auth.token.role == "admin"
                      || (request.auth.token.role == "agent"
                          && get(/databases/$(database)/documents/requests/$(requestId)).data.agentId == request.auth.uid));
      allow write: if request.auth != null;
    }
  }
}
This throws a permissions error for the client:
Error uploading file: FirebaseError: Firebase Storage: User does not have permission to access 'requests/buh29L41CAUQKDGLYHoR/documents/requestImage.jpeg'. (storage/unauthorized)
I can confirm that the user is authenticated as a client with their phone number and a uid.
I feel like there’s a simple answer to this; something obvious that I’m missing. I’m admittedly pretty new to all of this, so if it is something stupid, feel free to belittle me and call me a noob and all that. I just want to fix this.
Thanks!
Adam James is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
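For reference, here is the three-role policy described in the question written out as a complete Storage ruleset. This is an added example, not the poster's code and not an official Firebase sample. It assumes that role is a custom claim set server-side with the Admin SDK (so a client cannot grant itself a role), and that the Firestore document requests/{requestId} carries agentId and clientId fields holding the corresponding Auth UIDs; both field names are assumptions. The Firestore lookup uses the documented cross-service form firestore.get(/databases/(default)/documents/...); Storage rules do not bind a database path variable, so the literal (default) database name is used.

```firebase-rules
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /requests/{requestId}/{allPaths=**} {
      // role is a custom claim; it is trustworthy only because custom claims
      // can be set solely through the Admin SDK, never by the client itself.
      function hasRole(r) {
        return request.auth != null && request.auth.token.role == r;
      }

      // Cross-service lookup of the owning Request document. Assumed shape:
      // requests/{requestId} with agentId and clientId holding Auth UIDs.
      function requestDoc() {
        return firestore.get(/databases/(default)/documents/requests/$(requestId)).data;
      }

      // Admins read everything under /requests.
      allow read: if hasRole("admin");

      // Agents read only the Requests assigned to them.
      allow read: if hasRole("agent") && requestDoc().agentId == request.auth.uid;

      // Clients upload only to their own Request; size and content type are
      // bounded so a client cannot fill the bucket or park arbitrary files.
      allow create, update: if hasRole("client")
                            && requestDoc().clientId == request.auth.uid
                            && request.resource.size < 5 * 1024 * 1024
                            && request.resource.contentType.matches('image/.*');

      // delete is granted separately: request.resource is absent on delete,
      // so the size/type checks above would error and deny the operation.
      allow delete: if hasRole("client") && requestDoc().clientId == request.auth.uid;
    }
  }
}
```

Three practical points when running this: the first deployment of rules that call firestore.get() prompts you to grant the Storage service agent read access to Firestore, and every evaluation of requestDoc() counts as a Firestore read; a missing role claim makes request.auth.token.role evaluate to an error, which the rules engine treats as deny, so unprivileged users fail closed; and a client that calls getDownloadURL() after uploading also needs a matching allow read, since write permission alone does not cover fetching the object back.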