Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

firestore security rule request.auth.uid is not working

Firestore security rules do not work. Help me. Document data of users/userid could not be read.

----------Security Rule------------

service cloud.firestore {
 match /databases/{database}/documents {
  match /users/{userId=**} {

  // Missing or insufficient permissions.
    allow read, write: if request.auth.uid == userId

  // this is work.
  //allow read, write: if request.auth != null

}

} }

--------------main.js--------------------

import Vue from 'vue'
import Quasar from 'quasar'
import firebase from 'firebase'
import 'firebase/firestore'

Vue.config.productionTip = false
Vue.use(Quasar)


let app;
firebase.initializeApp({
  apiKey: "",
  authDomain: "",
  databaseURL: "",
  projectId: "",
  storageBucket: "",
  messagingSenderId: ""
})


firebase.auth().onAuthStateChanged(user=> {
  if (user) {
    let ref = firebase.firestore().collection('users').doc(user.uid)
    ref.get().then(snapshot=>{
      // Error !! : Missing or insufficient permissions.
    }
  }
  if(!app){
    Quasar.start(() => {
      app = new Vue({
        el: '#q-app',
        render: h => h(require('./App').default)
      })
    })
  }

})

firebase ^4.8.0 vue ^2.5.0

Apparently, require.auth.uid does not seem to work properly. Where is there a mistake in me?

like image 581
Shinya Ueda Avatar asked Dec 14 '17 08:12

Shinya Ueda


People also ask

How do you fix insecure rules in Firebase?

Solution: Rules that restrict read and write access. Build rules that make sense for your data hierarchy. One of the common solutions to this insecurity is user-based security with Firebase Authentication. Learn more about authenticating users with rules.

How do I change my security rules on firestore?

To set up and deploy your first set of rules, open the Rules tab in the Cloud Firestore section of the Firebase console. Write your rules in the online editor, then click Publish.


1 Answers

I followed the example I found here (under the User tab) and it's working great:

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /databases/{database}/documents {
    match /users/{userId}/{documents=**} {
      allow read, write: if isOwner(userId);
    }
  }

  function isOwner(userId) {
    return request.auth.uid == userId;
  }
}
like image 165
Jacques Bourque Avatar answered Sep 28 '22 06:09

Jacques Bourque