{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 你好瞎i 的问题《Firestore permissions》','https://www.manongdao.com/q-1003541.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
How do I configure permissions so that a user can only read and write documents where they are the owner? my documents have a top level attribute called owner.
I read these docs
https://firebase.google.com/docs/firestore/security/secure-data?authuser=0#the_resource_variable
and it seems like this should work?
service cloud.firestore {
match /databases/{database}/documents {
match /analysis/{analysis} {
allow read, write: if request.auth.email == resource.data.owner
}
}
}
however this doesn't seem to work. i continuously get insufficient permission error. What do i need to change?
Update:
After reading the docs @Doug Stevenson linked I decided to go with
service cloud.firestore {
match /databases/{database}/documents {
match /analysis/{analysis} {
allow read, write: if request.auth.uid == resource.data.owner_uid;
}
}
}
So my original intent was that when we do a list operation:
a. only those documents belonging to a user are returned
b. only documents a user owns can be read or written by that user.
With the above configuration b. is accomplished.
how do I do accomplish a. ?
To answer your update question part (a):
I has a similar issue - I had my rules set correctly to allow that user to read and write. However, Firestore needs us to have our queries match the firestore database rules. So the query on the front should match what that user has access to. So my issue was I was asking for all products in the collection. What I needed to change it to was asking for all products in the collection where the "owner" of the product matched the logged in user, like this:
Hope this helps
According to the documentation, you should use
request.auth.token.email(notrequest.auth.email).