Write in firestore from a firebase callable function as if it were the user provided by the auth context

Question

In firebase callable functions we get a handy context parameter which includes the auth data, including the uid. I have my firestore rules properly defined, which work based on the logged in user. Is there a way to use this context to write from the server as if it were the user, so the rules apply?

A simple example:

export const firestoreCreateDocumentOnCall = functions
  .region(...regions).https.onCall(async (data, context) => {
    try {
      const path = data.path as string;
      const docData = data.data as any;
      // ! This writes as admin, I would like as if it were the user provided by context !
      await admin.firestore().doc(path).set(docData);
      return;
    } catch(error) {
      console.error(`Error: ${error}`);
      return { error };
    }
  });

score 1 · Answer 1 · answered Jan 06 '21 at 14:24

Accessing Firestore from within Cloud Functions happens through the Admin SDK, which runs with administrative privileges. There is no way access Firestore as an alternative user through the Admin SDK.

The only alternative I can think of is accessing Firestore through its REST API, but I've never tried this and it's definitely less convenient than using an SDK.

Also see:

How to make Firebase Functions act as a user instead of being an admin?
user access and data control to cloud firestore when calls to firestore are made server side

Write in firestore from a firebase callable function as if it were the user provided by the auth context

1 Answers1