Firestore security rules not working on specific field

Firestore security rules not working on specific field

Content Index :

Firestore security rules not working on specific field
Tag : typescript , By : warttack
Date : November 24 2020, 05:47 AM

this will help Security rules don't filter data by themselves. The security rules instead only allow queries that are guaranteed to will only ever match documents that are allowed. If there is a chance that a query returns documents that are not allowed, the security rules reject the query straight away.
Your query filters on cust_id while the rules allow/disallow on user_id. This means your query is trying to retrieve documents you don't have access to. Since your query might return a document with the wrong user_id, the rules reject the query. See https://firebase.google.com/docs/firestore/security/rules-query
allow read: if request.auth.uid == resource.data.cust_id;

No Comments Right Now !

Boards Message :
You Must Login Or Sign Up to Add Your Comments .

Share : facebook icon twitter icon

Firestore Security Rules - How Do I Use a Variable for a Field Name?

Tag : firebase , By : Roel van Dijk
Date : March 29 2020, 07:55 AM
I hope this helps . If I have a document saved at /recordTypeX/{autoKey}, with the following structure: , Here is an example of one of my fire base rules.
function containsResourceOwnerId() {
    // /database/{database}/documents/example/{exampleId}
    // exampleDocument => { abc123: true }, request.auth.uid = abc123
    return resource.data[request.auth.uid] == true;
function isMemberOf() {
    return resource.data.memberUserIds[request.auth.uid] == true;
match /teams/{teamsId} {
    allow read: if isMemberOf();

Firestore security rules: Using hasOnly on a request to check if only a specific field is updated

Tag : firebase , By : Mario Tristan
Date : March 29 2020, 07:55 AM
wish helps you request.resource.data doesn't contain the request data itself, but it rather contains the new version of the resource after the write operation. Therefore the check failed.
Firestore documentation on request.resource:

Per field rules in Firestore Security Rules

Tag : firebase , By : Sigfrieg
Date : March 29 2020, 07:55 AM
it helps some times What you're looking for is to make a field non-modifiable. You do that by checking in your rules that the value of the field is the same after the request as before it.
I have a simple helper function for this in my rules:
function isUnmodified(key) {
  return request.resource.data[key] == resource.data[key]
  allow update: if isAdmin() || isUnmodified('name');

how to disallow update specific field in firestore document via security rules?

Tag : firebase , By : Keniwan
Date : March 29 2020, 07:55 AM
will be helpful for those in need Compare the contents of the requested document update to the existing contents to make sure it didn't change:
allow update: if request.resource.data.capacity == resource.data.capacity;

Firestore security rules, nested field

Tag : development , By : johntynan
Date : March 29 2020, 07:55 AM
it should still fix some issue EDIT (12/18/17): These are both now fixed, so this should Just Work™.
As @hatboysam mentioned, you're currently hitting two bugs that we're working quickly to fix:
match /chats/{trip} {
    match /messages/{message} {
       allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null
match /bogusPathThatWillNeverMatch {
  allow read: if resource.data != null; // should never be true
Related Posts Related QUESTIONS :
  • Module.exports with es6 import for webpack.config.ts in typescript
  • TSLint: ordered-imports configuration
  • Protractor typescript Error: WebDriverError: java.net.ConnectException: Connection refused: connect while selecting valu
  • How can I write extension for generic class in typescript as getter
  • How to properly define global enum in Typescript
  • TestCafe - Checking if the hyperlink is working - redirection to an external email provider
  • Typescript, from us currency to es currency
  • TypeScript: Declaring a callable type as a class method type
  • Retrieve current value of an observable
  • Using the keys of an object literal as a Typescript type?
  • Cant get variable in data
  • TypeScript inferencing with process.exit
  • Compare two interfaces at runtime
  • Understanding .tsconfig file
  • Is function () { this.array = [newElem, ...array] } pure?
  • How can I ignore operating system font in react-native?
  • rxjs: Map adding field
  • How to use Mocha and Jest with TypeScript without conflicts?
  • Vue 2 + TypeScript: Avoid mutating Prop directly - in a class based component with vue-property-decorator
  • Use an object as a map's key in the value
  • How to allow partial TypeScript types when mocking functions - Jest, TypeScript
  • How to declare default-function for a class?
  • Deriving TypeScript interface from object literal
  • Accessing generics from inherited type
  • ServiceStack - Cannot get headers from in Typescript client ResponseFilter
  • Object.entries(qs).forEach(...) - resolve lambda ignoring type annotations
  • Typescript: Create object with same keys but different values
  • Defining a list of tuples with optional first and last elements
  • Error Message: "An interface can only extend an object type or intersection of object types with statically known m
  • Nuxt custom plugin exports is not defined
  • TypeGraphQL use TypeORM's findAndCount method
  • Typescript interface with keys of Generic
  • Need to click twice in KeyboardAvoidingView even when keyboardshouldpersisttaps is always
  • Typescript type safe HTTP post not really type safe
  • Typescript: Define type as any but function
  • How to map DTO using interfaces in typescript?
  • How to make a generic type argument required in typescript?
  • Get value of Observable<SomeObject> in an object
  • Typescript generics: Howto map array entries to object keys
  • How to restrict method argument to index number of tuple type?
  • How can we use Typescript with CodeceptJS for testing framework?
  • How to enable "error prevention only" in TSLint? (Disable style checks, etc.)
  • Working with typescript non-discriminated unions
  • how to limit keys of an object to a list of set strings in typescript
  • How to type a function so that its return type matches that of an array that is being returned?
  • Typescript not building in Container-based Azure Function App
  • Redeclare destructured variables in Typescript
  • Object literal which implements an interface which in turn uses a generic method
  • How to set a Type Literal on a widened type parameter (or prevent type widening)?
  • Correct type for a function that sets individual properties of an object?
  • What is bivariant parameter? ~ TypeScript
  • Typescript: “not assignable to parameter of type never” error
  • Typescript: prevent assignment of object with more properties than is specified in target interface
  • How to import constants from another file on TypeScript?
  • Typescript - Generic for deriving the same type but with no properties undefined
  • How to test refresh and expired token scenarios?
  • How to make reactive variables, like the data() in Vue? Vue+Typescript
  • Firebase Cloud Functions Returning Processed Data Using onCall
  • For an interface, what is the difference between these two way?
  • How to reduce type range
  • shadow
    Privacy Policy - Terms - Contact Us © scrbit.com