12

When a user signs up and they initialise their data in firestore, I want to validate that they aren't attempting to set their role (i.e. so they're not setting it to 'admin' for example).

I tried to write this:

match /users/{userId} {
  allow create: if (signedInAs(userId) && !request.resource.data.role) || isAdmin();
  ...

...but I just see "Property role is undefined on object."

Is there a way to do this safely? Or does this mean I should always be initialising expected fields, even if it's just to the empty string? That doesn't seem to quite fit with the philosophy of NoSQL?

Joseph Humfrey
  • 2,974
  • 2
  • 23
  • 34

2 Answers2

35

Use the in operator to find out if a property of an object doesn't exist.

!("role" in request.resource.data)

This yields a boolean. See it in the rules API docs for the Map type.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
  • It only works well when I fetch the individual document, but not when I fetch collection :/ – Dariusz Bacinski Aug 07 '19 at 13:51
  • @DariuszBacinski What do you mean by fetching collection? For that you would have 'exists' (for a document to exist under that collection). I don't see the relevance of your comment with regard to the question or answer. Educate me. – akauppi Mar 18 '20 at 14:44
0

Try with writeFields if other solutions do not work.

!("role" in request.writeFields)
krmld
  • 1,248
  • 14
  • 9