FirebaseError: [code=permission-denied]: Missing or insufficient permissions

Question

I have a simple collection reference in a service

    firebase.auth().onAuthStateChanged(user => {
      if (user) {
          this.itineraryCollection = firebase
            .firestore()
            .collection(`itinerary/${user.uid}/itineraryList`);
        }
      });

I'm calling this service OnInit

  ngOnInit() {
    this.loggedInUser = firebase.auth().currentUser;
    this.dataSvc.getItineraries()
    .get()
    .then( itineraryListSnapshot => {
      this.itineraries = [];
      itineraryListSnapshot.forEach(snap => {
        this.itineraries.push({
          id: snap.id,
          activities: snap.data().activities,
          destination: snap.data().destination,
          startDate: snap.data().startDate,
          endDate: snap.data().endDate,
          tripDetails: snap.data().tripDetails,
          userId: snap.data().userId
        });
      });
    });

    // this.itineraries = this.dataSvc.getUserItinerary();
    console.log('logged in user add itin page', this.itineraries);
  }

But I keep getting the following error on page initialization:

vendor.js:49548 ERROR Error: Uncaught (in promise): FirebaseError: [code=permission-denied]: Missing or insufficient permissions.
FirebaseError: Missing or insufficient permissions.
    at new FirestoreError (vendor.js:76086)
    at JsonProtoSerializer.push../node_modules/@firebase/firestore/dist/index.cjs.js.JsonProtoSerializer.fromRpcStatus (vendor.js:81385)
    at JsonProtoSerializer.push../node_modules/@firebase/firestore/dist/index.cjs.js.JsonProtoSerializer.fromWatchChange (vendor.js:81882)
    at PersistentListenStream.push../node_modules/@firebase/firestore/dist/index.cjs.js.PersistentListenStream.onMessage (vendor.js:90087)
    at vendor.js:90016
    at vendor.js:90056
    at vendor.js:83144
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (polyfills.js:2749)
    at Object.onInvoke (vendor.js:51123)
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (polyfills.js:2748)
    at resolvePromise (polyfills.js:3189)
    at resolvePromise (polyfills.js:3146)
    at polyfills.js:3250
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (polyfills.js:2781)
    at Object.onInvokeTask (vendor.js:51114)
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (polyfills.js:2780)
    at Zone.push../node_modules/zone.js/dist/zone.js.Zone.runTask (polyfills.js:2553)
    at drainMicroTaskQueue (polyfills.js:2959)
    at push../node_modules/zone.js/dist/zone.js.ZoneTask.invokeTask (polyfills.js:2860)
    at ZoneTask.invoke (polyfills.js:2845)

I'm not sure what my database rules in firebase should be but I've tried a bunch of different rules:

      match /itinerary/{userId} {
            allow read; 
            allow write;
      }
      
            match /itinerary/{userId}/itineraryList {
            allow read; 
            allow write;
      }

any help would be greatly appreciated

Answer 1

I solved this by changing the rules of the database to the reading allowed for anyone, but leaving the methods of creating, changing, deleting and updating only for connected users. The commented part is for a later implementation where you have already defined administrator rules for each user logged in, so you can pass there that only users who are administrators can change.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if true;
      allow create, update, delete, write: if request.auth != null;
      //allow create, update, delete, write: if request.auth != null && request.auth.uid == userIdAdmin;
    }
  }
}