I’m currently building a web app with Firebase Firestore and trying to create a permission system.
My data is structured as follows:
- projects (collection)
- [projectId] (document)
- allowRead (value)
- someData (value)
- users (collection)
- [userId] (document)
- permission (value)
- [userId] (document)
- [projectId] (document)
Every user should only be able to request a project when they are listed in users and have the needed permission.
Here are my Firestore rules:
service cloud.firestore {
match /databases/{database}/documents {
match /projects {
allow read: if true;
// Regeln für die Projekte
match /{projectId} {
allow read: if isUserAuthorized('read');
allow write: if isUserAuthorized('write');
// Regeln für alle Unterdokumente
match /{document=**} {
allow read: if isUserAuthorized('read');
allow write: if isUserAuthorized('write');
}
function isUserAuthorized(permission) {
return (
// Überprüfen, ob der Nutzer authentifiziert ist und die Berechtigung hat
request.auth != null &&
(
get(/databases/$(database)/documents/projects/$(projectId)/users/$(request.auth.uid)).data.permission == permission ||
get(/databases/$(database)/documents/projects/$(projectId)/users/$(request.auth.uid)).data.permission == 'write'
)
) || (
// Überprüfen, ob eine allgemeine Berechtigung zum Lesen der Ressource vorliegt
permission == 'read' &&
get(/databases/$(database)/documents/projects/$(projectId)).data.allowRead == true
);
}
}
}
}
}
The problem is that when I request the collection “/projects”, it seems unable to check the projectId and im getting an empty array. I’m not sure, but the projectId seems to not be defined. When I request “/projects/someId/users”, the permission check work fine.
Thanks…
fabianRafreider is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.