Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

angular + firestore: how to allow public read access to a document

Tags:

angular

firebase

google-cloud-firestore

I am a student developer trying out the new Firestore in my angular app and got stuck on the security rules.

what i'm trying to achieve:

display a firestore document in an angular view using template binding. the document should be view-able to non-authenticated users.

the problem:

if a non-authenticated user tries to view the page a permissions error occurs:

ERROR Error: Missing or insufficient permissions. at new FirestoreError (error.js:164)

the template file: 

<p>{{ (item | async)?.name }}</p>

the component.ts file:

interface Profile {
   name: string;
}
...
private itemDoc: AngularFirestoreDocument<Profile>;
item: Observable<Profile>;
...
ngOnInit() {

   this.itemDoc = this.afs.doc<Profile>('profiles/0mlC8uWaKeArzk0sfIfX');
   this.item = this.itemDoc.valueChanges();
}

firestore rules:

service cloud.firestore {
   match /databases/{database}/documents {
     match /{document=**} {
        allow read, write: if request.auth != null;
     }
   }
}
like image 327
Jacky Brown Avatar asked Oct 05 '17 19:10

Jacky Brown

1 Answers

As you know, access to your Cloud Firestore data is controlled by Security Rules. When you get an "insufficient permissions error" that means your read or write has been denied by rules.

In your case you have these rules:

service cloud.firestore {
   match /databases/{database}/documents {
     match /{document=**} {
        allow read, write: if request.auth != null;
     }
   }
}

Translated roughly to english, these say "allow reading or writing to any document in the database as long as the user is signed in".

So if you're getting an error, it means the user is not signed in (request.auth == null).

So you have two options:

Option 1: Add Auth to Your App

You can add Firebase Authentication to your app. The simplest thing that would satisfy your rules would be anonymous authentication:

firebase.auth().signInAnonymously()
.then(function() {
   // You're signed in, reads will work
})
.catch(function(error) {
  // Handle Errors here.
  // ...
});

Option 2: Change Your Security Rules

If you want all users to be able to read all of the data in your app, you could open up the rules as follows:

service cloud.firestore {
   match /databases/{database}/documents {
     match /{document=**} {
      allow read: if true;
      allow write: if request.auth != null;
      }
   }
}
like image 61
Sam Stern Avatar answered Sep 27 '22 19:09

Sam Stern
Sign in to Comment

Related questions

Angular 2 Chrome DOM rendering problems
Disabling the squiggly green line in Angular 2+ html template
return boolean instead of subscribe to canActivate
Angular Material MdSidebar - How to call .toggle() from typescript
where can I find documentation for specific version [closed]
Angular 2 Cast FormGroup value to interface
Angular Error: ExpressionChangedAfterItHasBeenCheckedError
Angular 2 - RxJS Switch Map Issue
CSS Flexbox Responsive Layout and % widths
How to add hyperlink to Primeng datatable column,angular 2 way
How to Store Array Data Using Ionic Native Storage?
Angular2/4 - Cannot read property subscribe of undefined
Node JS - CORS Issue Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header
Angular 2 Setter and Getter
ng-bootstrap Typeahead selected object
Material2 How to open md-menu on mouseenter
Angular TypeError: is not a function when trying to call an object.object[].method
Why event triggers ChangeDetection even if OnPush strategy is ON?
md-form-field must contain a MdFormFieldControl
how to use rxjs isNumeric() function?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!