When querying for a collection of documents and using a security rule to check a field on a document to allow a read, I get:
"Uncaught Error in onSnapshot: Error: Missing or insufficient permissions."
My query:
firebase.firestore().collection('photos').where('event', '==', eventId).orderBy('uploadedAt', "desc").limit(11)
.onSnapshot((photoBatch) => {
let photos = []
photoBatch.docs.forEach(doc => {
let photo = doc.data()
photo.id = doc.id
photos.push(photo)
});
return = photos
})
My rule:
match /databases/{database}/documents {
match /photos/{photo} {
allow read: if resource.data.privatePhoto == false
}
}
All the documents returned from this query do have the field
privatePhoto: false
Is there something about returning multiple documents that prevents checking on individual document fields?
