
I want to allow read/write operation on a document only if:

  1. There's a valid account
  2. Document's id matches with the account's uid
  3. Account's email is verified

and

  1. Account is stated as approved in another document containing a list of uids and their status, as shown below:


I managed to write 3 of the 4 security rules, but I am struggling to write the final one, as shown below:

```
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    function isVerified(uid) {
      return get(/db-dev/user-status/$(uid)) == "verified"
    }
    match /{document=**} {
      allow read, write: if get(/users/$(request.auth.uid)).data.admin == true;
    }
    match /db-dev/users/verified/{userId} {
      allow read,write: if request.auth != null && request.auth.uid == userId && request.auth.token.email_verified == true && isVerified(request.auth.uid);
    }
  }
}
```

Ideally I want to get the value of that specific uid and check if it's verified or not. Can someone help me in modifying my isVerified function?

When I remove isVerified it works fine but when I include isVerified I get an error: Error running simulation — The path "/users/XXXXXXXXXXXXXXXXXXXXXXXXXX" is improperly formatted. Paths should start with "/databases/$(database)/documents/"

Ideally I want to check whether the uid exists in db-dev/user-status with the value of "verified" or not, and proceed accordingly.

Database structure: [image]

As requested here's document structure for users:

Inside users, I have 3 documents:

  1. verified
  2. pending
  3. rejected

In all three of them, I have documents whose id is the user's uid, followed by their details: [images]

Shivam Sahil
  • Hi, Can you provide your Firestore database structure? – Zeenath S N Jan 25 '22 at 11:38
  • Hi Zeenath, I have added an image for the same, let me know if you need any other details – Shivam Sahil Jan 25 '22 at 13:58
  • Can you also provide the document structure of `users`? – Zeenath S N Jan 26 '22 at 07:00
  • As you asked, I have also added the document structure of users. – Shivam Sahil Jan 26 '22 at 07:06
  • Can you try providing `/databases/$(database)/documents` in your get() function's path as mentioned in the [doc](https://firebase.google.com/docs/firestore/security/rules-conditions#access_other_documents) and also in your error? – Zeenath S N Jan 27 '22 at 11:20
  • you mean to put `/databases/$(database)/documents` before get and then the rest of the path or just this? I tried: `get(/databases/$(database)/documents/db-dev/user-status/$(uid)) == "verified"` but getting the same error – Shivam Sahil Jan 27 '22 at 13:48
  • Did you also try this path: `get(/databases/$(database)/documents/user-status/$(uid)) == "verified"`? – Zeenath S N Jan 28 '22 at 05:45
  • yeah tried: `get(/databases/$(database)/documents/user-status/$(uid)) == "verified"` and `/db-dev/users/verified/UGG3gdiCCpbUBmBWXK20jYM8WiH2` in location field while trying to fetch the data – Shivam Sahil Jan 28 '22 at 05:56

1 Answer


The error that you are receiving is because of an issue present in the Firebase Rules Simulator. There are a few Stack Overflow answers, for example, this, where it is said that the issue is within the Simulator itself. It has also been recorded by Google in the Issue tracker, which you can follow.

As for the workaround, you can either try deploying and testing the rules in your application.

Zeenath S N
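
An added example, not part of the question or the answer: one way to write the four checks so that every `get()` uses the full `/databases/$(database)/documents/...` path the error message asks for and reads the fetched document through `.data`. It assumes that `db-dev/user-status` is a single document whose fields map each uid to a status string, and that the admin flag lives in a top-level `users` collection as in the question's rule; the helper name `isAdmin` is hypothetical.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: /db-dev/user-status is ONE document of the form
    // { "<uid>": "verified" | "pending" | "rejected", ... }.
    // get() takes a document path (an even number of segments after
    // /documents), so the uid is looked up as a field, not a path segment.
    function isVerified(uid) {
      let status = get(/databases/$(database)/documents/db-dev/user-status).data;
      // A uid missing from the map is treated as not verified.
      return uid in status && status[uid] == "verified";
    }

    // Hypothetical helper wrapping the question's admin check.
    // Assumption: admin flags are stored in /users/{uid}.
    function isAdmin() {
      return request.auth != null
        && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true;
    }

    // Only admins reach arbitrary documents, which includes the
    // user-status document and the admin flags themselves.
    match /{document=**} {
      allow read, write: if isAdmin();
    }

    match /db-dev/users/verified/{userId} {
      allow read, write: if request.auth != null            // 1. valid account
        && request.auth.uid == userId                       // 2. document id matches uid
        && request.auth.token.email_verified == true        // 3. email verified
        && isVerified(request.auth.uid);                    // 4. approved in user-status
    }
  }
}
```

Because the status document and the admin flag decide access, no rule other than the admin one should grant write access to them.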