9

I have a collection. Each document has an object `readers` which will store the uid of the people who will have access to the document. It could be one or many users that can access a document.

I'm using angular firebase

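```typescript
constructor(private afAuth: AngularFireAuth, private afs: AngularFirestore) {
  this.afAuth.authState.subscribe(auth => {
    // authState emits null while no user is signed in; there is no uid to query with.
    if (!auth) {
      return;
    }
    // Only fetch documents whose readers map has this user's uid set to true.
    this.users = afs.collection<User>('users', ref => ref.where('readers.' + auth.uid, '==', true)).valueChanges();
  });
}
```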

If I use the rule that allows all reads, my page will show the correct entries

```
match /users/{userId=**} {
  allow read, write;
}
```

If I add in the rule to filter using uid I get the error Missing or insufficient permissions.

```
match /users/{userId=**} {
  allow read, write: if resource.data.readers[request.auth.uid] == true ||
                        resource.readers[request.auth.uid] == true;
}
```

I'd appreciate any help on what I did wrong in the rules. Thanks in advance.

Frank van Puffelen
William
  • I think you need to put a `.` inside `if resource.data.readers.[request.auth.uid] == true` like this – Hareesh Oct 23 '17 at 14:24
  • That would be a syntax error. – William Oct 25 '17 at 08:09
  • OK, in the docs they used `$(request.auth.uid)` to get the value. Try `if resource.data.readers[$(request.auth.uid)] == true` – Hareesh Oct 25 '17 at 13:09
  • `resource.data.readers[$(request.auth.uid)]` returns a syntax error. Combing through the docs, I saw that it should be `resource.data.readers[(request.auth.uid)]`. Tried that and it didn't work either: `if resource.data.readers[(request.auth.uid)] == true` and `if resource.data.readers[(request.auth.uid)] != null` – William Oct 26 '17 at 02:03
  • Looks like `resource.readers[request.auth.uid] == true` is working now – forcelain Dec 10 '17 at 14:35

1 Answer

-3

Have you tried changing your rules on database-rules to auth=null?

```json
{
  "rules": {
    ".read": "auth == null",
    ".write": "auth == null"
  }
}
```
  • That won't work, as a collection will have multiple documents where each document will be accessed by different users. – William Oct 23 '17 at 14:07
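
As an added example (not code from the question or the answer), this plain-JavaScript model shows which callers each of the three rules quoted on this page admits, document by document. The documents, the uids `alice`, `bob` and `carol`, and the function names are constructed for illustration; it models the rule conditions only and is not the Firestore rules engine.

```javascript
// Plain-JavaScript model, not the Firestore rules engine.
// Documents and uids are constructed sample data.
const docs = [
  { id: 'doc1', readers: { alice: true, bob: true } },
  { id: 'doc2', readers: { bob: true } },
  { id: 'doc3', readers: { carol: false } }, // listed, but not granted
];

// auth is null for a signed-out caller, otherwise { uid: '...' }.
const rules = {
  // match /users/{userId=**} { allow read, write; }
  openToAll: (auth, doc) => true,
  // ".read": "auth == null", ".write": "auth == null"
  authIsNull: (auth, doc) => auth === null,
  // resource.data.readers[request.auth.uid] == true
  // Assumption of this model: a missing auth or missing map key denies.
  readersMap: (auth, doc) =>
    auth !== null &&
    Object.prototype.hasOwnProperty.call(doc.readers, auth.uid) &&
    doc.readers[auth.uid] === true,
};

// Ids of the documents the named rule lets this caller access.
// Each rule on the page uses one condition for both read and write,
// so the result applies to writes as well.
function accessibleIds(ruleName, auth) {
  return docs.filter((doc) => rules[ruleName](auth, doc)).map((doc) => doc.id);
}

// Access matrix: rule name -> caller name -> accessible document ids.
function accessMatrix() {
  const callers = {
    signedOut: null,
    alice: { uid: 'alice' },
    bob: { uid: 'bob' },
    carol: { uid: 'carol' },
  };
  const matrix = {};
  for (const ruleName of Object.keys(rules)) {
    matrix[ruleName] = {};
    for (const [name, auth] of Object.entries(callers)) {
      matrix[ruleName][name] = accessibleIds(ruleName, auth);
    }
  }
  return matrix;
}

console.log(JSON.stringify(accessMatrix(), null, 2));
```

In the printed matrix, `authIsNull` gives the signed-out caller every document and every signed-in user none, while `readersMap` is the only rule whose result differs per user.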