In the realtime database when an update is called on a single value the security rules will evaluate the values present in the database if it is not specified within the request.
In Firestore we have to create rules for the data already present in Firestore resource.data, or the data in the request request.resource.data.
This causes you to have to replicate your security rules with an or condition to check for present data so that an individual value can be updated.
What is the best way to structure security rules to specify a single condition for each of a set of datas values while still allowing an update on an individual piece of that data?
match /subscriptions/{uid} {
allow read: if request.auth.uid == uid;
allow write: if request.auth.uid == uid
&& request.resource.data.keys().hasAll(['allowedTerminals', 'activeTerminals'])
&& request.resource.data.allowedTerminals is int && request.resource.data.allowedTerminals > 0
&& request.resource.data.activeTerminals is int;
}
Given this security rule I could successfully create a new subscription when I initially provide both activeTerminal and allowedTerminal values, but if I wanted to update the activeTerminal value I would have to provide the allowedTerminal value as well or the update would return a permission denied error.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 做个烂人 的文章《Security rules for updates in Firestore》','https://www.manongdao.com/article-943134.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}