Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cloud Firestore Security Rules for array operations

I'm trying to restrict certain operations towards Firestore to creating or appending to an array. How should I do that? How can I distinguish arrayUnion() from arrayDelete()? What about distinguishing array operations from all the other operations?

Update: So far, from what I got by digging into the Firestore API, I'm guessing maybe something like allow create, FieldValue.arrayUnion: if true could work, but I haven't tested it yet, will update when I tested it.

like image 361
Jack Avatar asked Jan 05 '19 11:01

Jack


1 Answers

If you want to ensure that any updates to the document don't remove any f the existing values from the array, you're looking for hasAll:

allow update: if request.resource.data.arrayField.hasAll(resource.data.arrayField);

I just quickly tested this in the simulator. Updating a document that has arrayField: ["value1", "value2"], I:

  • Failed when writing arrayField: ["value1"]
  • Succeeded when writing arrayField: ["value1", "value2"]
  • Succeeded when writing arrayField: ["value1", "value2", "value3"]
like image 177
Frank van Puffelen Avatar answered Nov 10 '22 07:11

Frank van Puffelen