I have following rule set up on firestore.
service cloud.firestore {
match /databases/{database}/documents {
match /items/{itemid} {
allow read, write: if request.auth.uid == resource.data.owner;
}
}
}
In my Angular service, I am initializing collection as follows:
constructor(private authService: AuthService, private fs: AngularFirestore) {
this.itemsCollection = this.fs.collection('items', cr => {
return cr.where('owner', '==', authService.currentUserId);
});
}
Code to read items:
items() {
return this.itemsCollection.valueChanges();
}
Code to write item:
addItem(item: ItemEntry): Observable<DocumentReference> {
item.owner = this.authService.currentUserId;
return Observable.fromPromise(this.itemsCollection.add(item));
}
The read operation works correctly, but the write operation (addItem) fails with error
Missing or insufficient permissions.
Unable to figure out, why?
That's because the resource variable:
contains a map of the fields and values stored in a document in
resource.data.
This means that resource.data only contains the data that is already stored on the database.
You should use request.resource instead. Because it contains the data being written to the database. Your new rules would look like this:
allow read, write: if request.auth.uid == request.resource.data.owner;
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments