1

A document looks like this

matches: [
{uid: ___ , ...},
{uid: ___ , ...},
]

How can I check if the uid of the user requesting this is in one of the uids in matches? I tried this but it did not work.

uid in get(/databases/$(database)/documents/users/$(request.auth.uid)).data.matches.uid

Thanks for your help!

Student
  • 89
  • 1
  • 8

1 Answers1

4

You can't. The Security Rules language doesn't support for loops or things like map. You'll need to store your data differently. Either of these patterns could work:

// data structure
matches: ["uid1", "uid2", "uid3"]
// rules
allow: if uid in resource.data.matches;

// data structure
matches: {"uid1": true, "uid2": true}
// rules
allow: if resource.data.matches[uid] == true;

Alternatively if you know that the matches array can never be longer than, say, five elements, you could manually expand the statement:

allow: if resource.data.matches[0].uid == uid ||
          resource.data.matches[1].uid == uid ||
          // ...repeat three more times
Michael Bleigh
  • 25,334
  • 2
  • 79
  • 85
  • Thanks, that's very helpful! Curious if you have any suggesstions about this: https://stackoverflow.com/questions/65895509/firestore-update-document-on-beforeunload – Student Feb 05 '21 at 12:12