I’m experiencing an issue with Firestore security rules. I have two versions of a rule that checks if a document exists, but only one of them works.

I am making a functionality in which when a user will hit a perticular node it will check the request.auth.token.crc is equal to the value stored in the resource.data.crc as i need to encrypt the resource.data.crc because the value in request.auth.token.crc also encrypted i want to check if both values are same

I am making a functionality in which when a user will hit a perticular node it will check the request.auth.token.crc is equal to the value stored in the resource.data.crc as i need to encrypt the resource.data.crc because the value in request.auth.token.crc also encrypted i want to check if both values are same

I may indeed be a blunt object but I’ve been trying to figure out the best way to iterate through my high scores array which contains ‘scoreEntry’ maps. As I understand it, such behavior is prohibited by Google to avoid infinite looping issues & ‘abuse’ of the security rules system. Not that any of that makes sense to a smooth brain such as myself, but maybe there is already an easy solution which I just can’t find at the moment. Here is the db structure as it lies:

I am very new to Firebase security and this project needs to have strong security due to the sensitive nature of the information. But my situation is very complicated.
I have 3 interconnected websites that utilize the same Firebase project and Firestore. The 1st website has authentication setup so I could have controlled security from there with uid but the other two websites do not require login, but still need read and write access to certain documents. Is there any solution possible to this?
Currently I’m in dev mode so my rules are read write all.

getDocs(query(orderBy(‘createdAt’, ‘desc’))) with rules, i can enforce a query allow list: if request.query.orderBy.createdAt == “DESC” How do i make it so users cannot apply query to any other fields getDocs(query(orderBy(‘createdAt’, ‘desc’), where(‘status’, ‘==’, 0))) status is an additional query And how do i make it so users may apply queries to specific fields so… createdAt […]

The following firestore rules set works in my emulator,
but does not work in the Cloud.
The isUserAuthenticated returns false, as if the {userId} didn’t evaluate correctly.

I’m creating a website with a whitelabel system that I need to limit the access to the firestore collections and documents based on a Role system. The rules are: Users will receive a custom claim called “role” that is the ID of a document of the role collection This Role document can allow the user […]

Are there some restrictions to using two nested get calls in Firestore security rules that I’m not aware of? I’ve been debugging this for hours:

I found this weird behavior where using a document field to query another document is not working as expected when setting Firebase storage security rules: