Are there some restrictions to using two nested get calls in Firestore security rules that I’m not aware of? I’ve been debugging this for hours:
<code>rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
function isUserConsultant() {
let userDoc = get(/databases/$(database)/documents/users/$(request.auth.uid));
let consultancyRef = userDoc.data.consultancyRef;
let consultancy = get(/databases/$(database)/documents/consultancies/$(consultancyRef)); // This line crashes. Commenting it out (and commenting consultancy.data out) works.
return consultancyRef != null && consultancy.data != null;
}
match /companies/{companyId} {
allow read, write: if request.auth != null && isUserConsultant();
}
// Default rule for all other documents
match /{document=**} {
allow read, write: if false;
}
}
}
</code>
<code>rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
function isUserConsultant() {
let userDoc = get(/databases/$(database)/documents/users/$(request.auth.uid));
let consultancyRef = userDoc.data.consultancyRef;
let consultancy = get(/databases/$(database)/documents/consultancies/$(consultancyRef)); // This line crashes. Commenting it out (and commenting consultancy.data out) works.
return consultancyRef != null && consultancy.data != null;
}
match /companies/{companyId} {
allow read, write: if request.auth != null && isUserConsultant();
}
// Default rule for all other documents
match /{document=**} {
allow read, write: if false;
}
}
}
</code>
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
function isUserConsultant() {
let userDoc = get(/databases/$(database)/documents/users/$(request.auth.uid));
let consultancyRef = userDoc.data.consultancyRef;
let consultancy = get(/databases/$(database)/documents/consultancies/$(consultancyRef)); // This line crashes. Commenting it out (and commenting consultancy.data out) works.
return consultancyRef != null && consultancy.data != null;
}
match /companies/{companyId} {
allow read, write: if request.auth != null && isUserConsultant();
}
// Default rule for all other documents
match /{document=**} {
allow read, write: if false;
}
}
}
And I keep getting in the Rules Playground:
<code>Error running simulation – Error: simulator.rules line [6], column [21]. Function not found error: Name: [get].; Error: Invalid argument provided to call. Function: [get], Argument: ["||invalid_argument||"]
</code>
<code>Error running simulation – Error: simulator.rules line [6], column [21]. Function not found error: Name: [get].; Error: Invalid argument provided to call. Function: [get], Argument: ["||invalid_argument||"]
</code>
Error running simulation – Error: simulator.rules line [6], column [21]. Function not found error: Name: [get].; Error: Invalid argument provided to call. Function: [get], Argument: ["||invalid_argument||"]