Menu
The ruleset protects the user's entry like follows:
The rule looks like:
match /users/{userId} {
allow read: if isCurrentUser(userId) || isAdmin();
allow write: if (isCurrentUser(userId) && !isModifyingPermissions()) || isAdmin();
function isModifyingPermissions(){
return request.resource.data['permissions'] != null;
}
}
I'm stuck with the isModifiyingPermissions() function. It properly refuses a write in case the request has a value for the permissions property. However, the rule crashes if no permissions property is provided, stating the following:
Error: simulator.rules line [19], column [15]. Property permissions is undefined on object.
How can one write "check presence of a property on request resource" ?
621
There is no way to check for duplicates in the entire collection in security rules, as that would require Cloud Firestore to read all documents in the collection (which would become very expensive at scale). The above only allows creating a document, it does not allow updating it.
You can use Firestore queries to get the document ID which corresponds to the field you want to keep unique. If the query returns null , that would mean that the database doesn't contain that value., ergo, the username , in this case, is available or vice versa.
Use the Firebase console To set up and deploy your first set of rules, open the Rules tab in the Cloud Firestore section of the Firebase console. Write your rules in the online editor, then click Publish.
A subcollection is a collection associated with a specific document. Note: You can query across subcollections with the same collection ID by using Collection Group Queries. You can create a subcollection called messages for every room document in your rooms collection: collections_bookmark rooms. class roomA.
Ok, here's the solution:
function isModifyingPermissions(){
return request.resource.data.keys().hasAny(["permissions"]);
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With