
I want to give read and write permission only to users who exist in the Members group, but I don't know why it doesn't work.

These are the rules in Firestore:

    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        match /Users/{uid} {
          allow write: if request.auth != null && request.auth.uid == uid;
          allow read: if request.auth != null;
        }

        match /GroupChat/{document=**} {
          allow read, create, update: if request.auth != null && request.auth.uid in request.resource.data.Members;
        }
      }
    }

This is a screenshot of my database: [image: screen from database]

The query:

    FirebaseFirestore.instance
        .collection("GroupChat")
        .where("Members",
            arrayContains: FirebaseAuth.instance.currentUser!.uid)
        .snapshots(),

When I want to display the information in my app, I get this error:

    W/Firestore(14600): (24.0.0) [Firestore]: Listen for Query(target=Query(GroupChat where Members array_contains 0FQhApDgWMVNTpOiDewF3qJX7IA3 order by __name__);limitType=LIMIT_TO_FIRST) failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}

ismail
  • Have you run the app on a real device? – ᴅ ᴇ ʙ ᴊ ᴇᴇ ᴛ Feb 19 '22 at 15:08
  • No, I didn't yet – ismail Feb 19 '22 at 15:14
  • The error description=Disconnecting idle stream can be caused by the emulator; please check on a real device, then reply back. – ᴅ ᴇ ʙ ᴊ ᴇᴇ ᴛ Feb 19 '22 at 15:15
  • I think I have a problem running my iPhone with Xcode, so I just restarted the IDLE and now it gives me this error: `W/Firestore(14600): (24.0.0) [Firestore]: Listen for Query(target=Query(GroupChat where Members array_contains 0FQhApDgWMVNTpOiDewF3qJX7IA3 order by __name__);limitType=LIMIT_TO_FIRST) failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}` I changed it in the body of my question. Thank you @Debjeet – ismail Feb 19 '22 at 16:49
  • Can you share the query that you are making? – Dharmaraj Feb 19 '22 at 16:54
  • @Dharmaraj, I added it in the question body – ismail Feb 19 '22 at 17:00
  • Can you try changing the rule to `request.auth.uid in resource.data.Members;` instead of `request.auth.uid in request.resource.data.Members;`? – Dharmaraj Feb 19 '22 at 17:02

1 Answer

As mentioned in the documentation,

The resource variable refers to the requested document, and resource.data is a map of all of the fields and values stored in the document.

However, `request.resource.data` contains the data that is being added to the document in update/write operations. You should be using `resource.data` because you want to check the existing data.

    match /GroupChat/{document=**} {
      allow read, create, update: if request.auth != null && request.auth.uid in resource.data.Members;
    }
Dharmaraj
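The `resource` versus `request.resource` distinction from the answer, written out per operation as an added example (not code from the question or the answer): reads only have `resource`, and `create` only has `request.resource`, so each operation checks the variable that exists for it. The helper names `signedIn` and `isMember` are made up for this example, and the update policy shown is an assumption.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Hypothetical helpers, named for this example only.
    function signedIn() {
      return request.auth != null;
    }

    // `doc` is either `resource` (the stored document) or
    // `request.resource` (the document as it would look after the write).
    // If `doc` is null, the expression errors and the request is denied.
    function isMember(doc) {
      return signedIn() && request.auth.uid in doc.data.Members;
    }

    match /GroupChat/{document=**} {
      // get and list: a read carries no incoming document, so
      // request.resource is not set and only the stored document can be
      // checked. A list query must carry a constraint that matches this
      // rule, such as where("Members", arrayContains: uid) from the question.
      allow read: if isMember(resource);

      // create: nothing is stored yet, so `resource` is null and the
      // check has to run against the incoming data instead.
      allow create: if isMember(request.resource);

      // update: both exist. Assumed policy for this example: the caller
      // must be a member of the stored document and must still be a
      // member after the write. This does not restrict other changes
      // to the Members array.
      allow update: if isMember(resource) && isMember(request.resource);
    }
  }
}
```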