Suppose there are two documents that
/orgs/foo
/users/alice
and /users/alice
has a reference-type field org
which references /orgs/foo
.
/orgs/foo
should be accessible when request.auth.uid == 'alice'
. How can I do that?
I guess it is something like this, but I cannot figure out. In other words, how can I get the ID of the referenced document?
function isOrgMember(orgId) {
return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.org.__id__ == orgId;
}
match /orgs/{orgId} {
allow read: isOrgMember(orgId);
}
The security group for each instance must reference the private IP address of the other instance, or the CIDR range of the subnet that contains the other instance, as the source. If you reference the security group of the other instance as the source, this does not allow traffic to flow between the instances.
By default, a new security group attached to a group of instances will not allow these to communicate with each other. To allow this, create new inbound and outbound rules, then set the source and destination as the security group itself.
Amazon EC2 uses this set of rules to determine whether to allow access. You can assign multiple security groups to an instance. Therefore, an instance can have hundreds of rules that apply.
I know it's been a while since the original question but I've had a similar issue and I hope this could help you or others.
Your condition is:
get(/databases/$(database)/documents/users/$(request.auth.uid)).data.org.__id__ == orgId;
But org
is a reference, which (apparently) means you need to get
it as well. Try this:
get(get(/databases/$(database)/documents/users/$(request.auth.uid)).data.org).id == orgId;
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With