My development site was running fine with 'allow read: if true'. In production I made the changes below, which should allow read access to the public collections. I am able to download the data and my frontend renders correctly, but I am getting permission errors in the console.

I am using Flamelink as a CMS, which does place references in some fields. Do I need read permissions to all the referenced collections as well?

service cloud.firestore {
  match /databases/{database}/documents {
    match /fl_content/{document} {
      allow read: if true
    }
    match /fl_files/{document} {
      allow read: if true
    }
    match /fl_navigation/{document} {
      allow read: if true
    }
    match /{document=**} {
      allow read, write: if request.auth.uid != null;
    }
  }
}

I am receiving the data with this Vue method. The data is received and I can access it.

firestore: {
        pageContent: firestore
            .collection("fl_content")
            .where("_fl_meta_.schema", "==", "aboutPage")
            .limit(1),
    },

But the console is showing errors:

Uncaught Error in snapshot listener: FirebaseError: Missing or insufficient permissions.

Any help?

Frank van Puffelen

1 Answer

Ok, so... first of all, I don't think you need anonymous access on your DB, which is that read: if true. The last statement:

  match /{document=**} {
        allow read, write: if request.auth.uid != null;
    }

Is granting read access to all your database for authenticated users, and that should be enough. Rules are matched top-bottom, so the error you're seeing is probably because you reach a read for the collection in question, but the references in it point to another collection that, at that point, has no permissions. However, by the time you reach the last statement, those permissions are granted, hence you are getting the data.

Sergio Flores
  • The website is a public site (with anonymous access) that generates its content via Firestore. This allows users to edit the content of the website in the connected CMS. If I don't have anonymous read access the site will not render. The authenticated read/write rules are used for the CMS. Saying that, I will check on the references, although I was accessing the site via incognito and it rendered fine. – Kalen Michael Apr 28 '21 at 09:05
  • Ok, try adding ALL collections to the read list, those that require anonymous access, I mean. – Sergio Flores Apr 28 '21 at 13:04
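
As an added example (not part of the original question or answer), this simplified JavaScript model of the posted rules reports which listener paths an unauthenticated visitor would be denied on. It assumes Firestore's documented behaviour that a read is allowed when any matching `allow` condition is true; the names `canRead`, `deniedForAnonymous` and the collection `fl_example_refs` are hypothetical.

```javascript
// Simplified model of the rules posted in the question. Constructed for
// illustration; this is not the Firestore rules engine.
const rules = [
  // match /fl_content/{document} etc.: one document level only, public read
  { match: /^fl_content\/[^/]+$/, read: () => true },
  { match: /^fl_files\/[^/]+$/, read: () => true },
  { match: /^fl_navigation\/[^/]+$/, read: () => true },
  // match /{document=**}: any path, signed-in users only
  { match: /^.+$/, read: (auth) => auth !== null && auth.uid != null },
];

// A read is allowed if ANY matching statement's condition is true, so the
// order in which the statements appear does not change the outcome.
function canRead(path, auth, ruleset = rules) {
  return ruleset.some((r) => r.match.test(path) && r.read(auth));
}

// Paths on which an anonymous visitor's snapshot listener would fail with
// "Missing or insufficient permissions".
function deniedForAnonymous(paths, ruleset = rules) {
  return paths.filter((p) => !canRead(p, null, ruleset));
}

// Constructed sample: two listed collections, one hypothetical referenced
// collection, and a subcollection document under a listed collection.
const listenerPaths = [
  "fl_content/about",
  "fl_files/logo",
  "fl_example_refs/x",
  "fl_content/about/revisions/1",
];

console.log(deniedForAnonymous(listenerPaths));
```

Any path this reports needs its own public `allow read` statement if anonymous visitors are meant to load it; everything else stays behind the authenticated catch-all.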