
I'm attempting to allow each user to read and write their own data using Firestore, but I'm getting an insufficient permissions error. I'm not sure why.

I have these rules in place for my Firestore...

```
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
      match /users/{uid} {
        allow create: if request.auth != null;
        allow read, write, update, delete: if request.auth != null && request.auth.uid == uid;
      }
  }
}
```

In my project, I have my service that uses the following function to push the data to angular firebase (yes, it's pretty lengthy)...

```typescript
constructor(private afs: AngularFirestore){}


addToOrders(artist: string, formInput: AlbumInput) {
    const currentUser = this.authService.currentUser; // uses a getter function to obtain the current user
    const trackingUrl = 'https://tools.usps.com/go/TrackConfirmAction_input?strOrigTrackNum=';
    const newOrder: Order = {
      artistName: artist,
      album: formInput.selectedAlbum.name,
      image: formInput.selectedAlbum.images[0].url,
      orderType: formInput.orderType,
      trackingUrl: trackingUrl,
      variant: formInput.variant
    }

    if (formInput.orderType === "shipped") {
      newOrder.trackingNum = formInput.trackingNum;

      return of(this.afs.doc(`users/${currentUser.uid}`).collection('shipped').add(newOrder))
        .subscribe({
          next: (() => {
            this.albumAdded$.next(true);
          }),
          error: (() => {
            this.albumAdded$.next(false);
          })
        });
    } else {
      newOrder.date = formInput.date;

      return of(this.afs.doc(`users/${currentUser.uid}`).collection('preordered').add(newOrder))
        .subscribe({
          next: (() => {
            this.albumAdded$.next(true);
          }),
          error: (() => {
            this.albumAdded$.next(false);
          })
        });
    }
  }
```

Is there anything I'm missing in this pattern that would cause such an error?

If I change the rules to users/${user=**}, it does successfully store the data into the users subcollections, but now I can't sign in normally (for some reason, I can sign up despite the methods being nearly identical). Here is my sign in...

```typescript
signIn(signInForm: SignInForm) {
        return this.afAuth.signInWithEmailAndPassword(signInForm.email, signInForm.password)
        .then((result) => {
            this.isUserData.next(true);
            this.setUserData(result.user!)
                .then(() => {
                    this.router.navigateByUrl("/home");
                });
        }).catch(error => {
            this.errorModal(error); // Modal Generic launches to inform the user
        });
    }
```

set user data...

```typescript
setUserData(user: User) {
        const userRef: AngularFirestoreDocument<any> = this.afs.doc(`users/${user.uid}`);
        const userData: User = {
            uid: user.uid,
            email: user.email,
            displayName: user.displayName
        }
        return userRef.set(userData, {
            merge: true
        });
    }
```
ACDev

1 Answer


This rule:

```
match /users/{uid} {
```

Allows a user to read their own profile document. It does not allow them to read subcollections under there, which is what you do in this code:

```typescript
of(this.afs.doc(`users/${currentUser.uid}`).collection('shipped').add(newOrder))
```

To allow a user to also read all subcollections of their profile document, use a recursive wildcard (**):

```
match /users/{uid=**} {
```
Frank van Puffelen
  • That looks like it worked to add the data to the user's subcollections, but now I'm getting an error when I attempt to sign in normally. I updated the above question. – ACDev Oct 13 '21 at 01:13
  • If this change allows you to store the data in the subcollections, it sounds like it fixes the problem you posted about. There may be more problems after that, but it's better to post those as a separate question with their own [MCVE](http://stackoverflow.com/help/mcve) (including the error message, which I didn't immediately see in your edit). – Frank van Puffelen Oct 13 '21 at 02:32
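
An added example, not part of the original question or answer: one least-privilege way to write the rules for the two subcollections the question's `addToOrders()` writes to (`shipped` and `preordered`), using nested `match` blocks that reuse the outer `uid` wildcard. The helper name `isOwner` and the wildcard name `orderId` are chosen here for illustration. The question's `allow create` line is shown commented out beside the tightened form, because as written it lets any signed-in user create a profile document under a uid that is not their own.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True only when the caller is signed in as the user named in the path.
    // (Hypothetical helper name, added for this example.)
    function isOwner(uid) {
      return request.auth != null && request.auth.uid == uid;
    }

    match /users/{uid} {
      // Weak form from the question: any signed-in user may create ANY
      // /users/{uid} document, including one for a uid that is not theirs.
      //   allow create: if request.auth != null;
      // Tightened form: `write` covers create, update and delete, and all of
      // them require the caller's uid to equal the document id.
      allow read, write: if isOwner(uid);

      // A match on /users/{uid} covers only the profile document itself.
      // Each subcollection used by addToOrders() gets its own nested match;
      // nested blocks can use the outer {uid} wildcard.
      match /shipped/{orderId} {
        allow read, write: if isOwner(uid);
      }

      match /preordered/{orderId} {
        allow read, write: if isOwner(uid);
      }
    }
  }
}
```

With these rules the question's `setUserData()` call still succeeds, since it writes `users/${user.uid}` for the signed-in user's own uid.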