Menu
I'm trying to reproduce an example from the official Firestore docs. Everything you need to know is on the screenshot. Is it a bug or am I missing something?
977
The problem is that there's no actual document at /cities/moscow
65
A bit more explanation would have made manidos's answer a good one.
It seems like resources should be used only for rules involving data that have been already written; e.g. delete, read, update, etc.
If you want to set rules on data that "will be" written, use getAfter.
37
The issue is - as manidos - pointed out that the document /cities/moscow doesn't exist and hence the document is not accessible. However, a cleaner way to specify your rule is:
allow read: if (resource == null) || (resource.data.visibility == 'public')
It allows an application to query data that doesn't exist without blowing up with a security exception.
5
The key is to reading through the comments.
Many apps store access control information as fields on documents in the database. Cloud Firestore Security Rules can dynamically allow or deny access based on document data:
and then
// Allow the user to read data if the document has the 'visibility' field set to 'public'
If you look at the example data provided in the guide
let citiesRef = db.collection("cities")
citiesRef.document("SF").setData([
"name": "San Francisco",
"state": "CA",
"country": "USA",
"capital": false,
"population": 860000,
"regions": ["west_coast", "norcal"]
])
There is no 'visibility' field, however there is a name, state country field etc.
If you want to work with that data set, add a 'visibility' field to each city and set it's value to 'public'
citiesRef.document("SF").setData([
"name": "San Francisco",
"visibility": "public"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
