12

Firestore security rules do not work. Help me. Document data of users/userid could not be read.

----------Security Rule------------

service cloud.firestore {
 match /databases/{database}/documents {
  match /users/{userId=**} {

  // Missing or insufficient permissions.
    allow read, write: if request.auth.uid == userId

  // this is work.
  //allow read, write: if request.auth != null

}

} }

--------------main.js--------------------

import Vue from 'vue'
import Quasar from 'quasar'
import firebase from 'firebase'
import 'firebase/firestore'

Vue.config.productionTip = false
Vue.use(Quasar)


let app;
firebase.initializeApp({
  apiKey: "",
  authDomain: "",
  databaseURL: "",
  projectId: "",
  storageBucket: "",
  messagingSenderId: ""
})


firebase.auth().onAuthStateChanged(user=> {
  if (user) {
    let ref = firebase.firestore().collection('users').doc(user.uid)
    ref.get().then(snapshot=>{
      // Error !! : Missing or insufficient permissions.
    }
  }
  if(!app){
    Quasar.start(() => {
      app = new Vue({
        el: '#q-app',
        render: h => h(require('./App').default)
      })
    })
  }

})

firebase ^4.8.0 vue ^2.5.0

Apparently, require.auth.uid does not seem to work properly. Where is there a mistake in me?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Shinya Ueda
  • 331
  • 1
  • 2
  • 7
  • did you saved the auth.uid key as users key? – Hareesh Dec 14 '17 at 08:40
  • @ShinyaUeda - `request.auth != null` is not working for me. I'm having this issue for Android using `com.google.firebase:firebase-firestore:17.1.0` despite being logged in on the app and seeing the User UID in the Firebase Auth console. – AdamHurwitz Sep 30 '18 at 00:39
  • @Hareesh, any suggestions for debugging if `request.auth != null` is not working? – AdamHurwitz Oct 13 '18 at 02:13
  • ```request.auth.uid != null``` is right out of the "Mixed public and private access" (and other parts) of the documentation at https://firebase.google.com/docs/rules/insecure-rules#common_scenarios_with_insecure_rules – Mark Gavagan May 09 '22 at 11:29

3 Answers3

11

I was able to solve it self

 match /users/{user} {
   allow read, write: if request.auth.uid == user
   match / {docs = **} {
      allow read, write: if request.auth.uid == user
   }
 }
Shinya Ueda
  • 331
  • 1
  • 2
  • 7
7

I followed the example I found here (under the User tab) and it's working great:

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /databases/{database}/documents {
    match /users/{userId}/{documents=**} {
      allow read, write: if isOwner(userId);
    }
  }

  function isOwner(userId) {
    return request.auth.uid == userId;
  }
}
Jacques Bourque
  • 1,087
  • 1
  • 8
  • 19
  • 3
    Works really good, just needed to change firebase.storage to cloud.firestore in my case. Thank you! – Shakle Jul 18 '19 at 14:19
0
 match /users/{userId}/{documents=**} {
  // return request.auth.uid == userId
  function isAuth(){
  return request.auth != null
  }
  allow read,write:if   (isAuth() && request.auth.uid == userId)    
}

this solution work for this error.

mehmet ilhan
  • 91
  • 1
  • 2
  • 1
    Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Nov 23 '21 at 14:07