I have the following Firestore rules:
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if true;
    }
    match /institutions/{institution}/watches/{watch} {
      allow read, update, delete: if request.auth.email == resource.data.email;
      allow create: if request.auth.email != null;
    }
  }
}
Essentially, I'd like it such that any document under /institutions/{institution}/watches is readable, updatable and deletable if and only if the email on the document is identical to the email of the user. When I run this through the simulator with an example document, however, I can't get the access control to work, and I also get a permission denied error on the API client.
Is there any way to debug this further/is something missing from my above rules?
I believe that request.auth.email should be request.auth.token.email. See https://firebase.google.com/docs/reference/rules/rules.firestore.Request#auth .
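As an added example (this is not part of the question or of the answer above), here is a corrected version of the posted rule set that uses the `request.auth.token.email` claim. Two further points are worth fixing while here, both of which the original rules leave open. First, Firestore grants a request as soon as any matching `allow` statement is true, so the `match /{document=**} { allow read: if true; }` block on its own makes every watch readable by anyone, whatever the per-watch rule says; the example drops it, and if other collections really must stay publicly readable they should be matched explicitly instead. Second, `request.auth` is `null` for unauthenticated requests, and reading `.token.email` on `null` raises an evaluation error (which is treated as a deny and shows up as permission denied), so the rules guard on `request.auth != null` first. The requirement that the email claim be verified, and the use of the document's `email` field as the only ownership key, are assumptions made for this example.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption for this example: a caller counts as "signed in with an email"
    // only when the ID token carries a verified email claim. Checking
    // request.auth != null first avoids an evaluation error (= deny) on
    // anonymous requests.
    function signedInWithEmail() {
      return request.auth != null
          && request.auth.token.email != null
          && request.auth.token.email_verified == true;
    }

    // The owner of an existing document is whoever's verified email matches
    // the document's email field (resource = the document as stored).
    function ownsDocument() {
      return signedInWithEmail()
          && request.auth.token.email == resource.data.email;
    }

    // No catch-all read rule here: everything outside the matches below is
    // denied by default, which is what makes the per-watch rule meaningful.

    match /institutions/{institution}/watches/{watch} {
      // Only the owner may read or delete a watch.
      allow read, delete: if ownsDocument();

      // Only the owner may update a watch, and the update may not reassign it
      // to another email (request.resource = the document as it would be written).
      allow update: if ownsDocument()
          && request.resource.data.email == resource.data.email;

      // Any signed-in user may create a watch, but only one carrying their own
      // email, so nobody can create a watch "owned" by somebody else.
      allow create: if signedInWithEmail()
          && request.resource.data.email == request.auth.token.email;
    }
  }
}
```

When checking this in the Rules Playground, the simulated request has to be made as an authenticated user whose token actually contains an `email` claim; a request simulated without authentication, or with a provider that sets no email, is denied by the `signedInWithEmail()` guard, which is the expected result rather than a bug in the rules.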