Firebase Firestore: custom admin access

攒了一身酷 2021-02-14 05:49

In Firebase Firestore, I'm trying to allow only (custom-assigned) admins to write/update/delete resources, and for that I've got these security rules:

service          


        
2 Answers
  •  隐瞒了意图╮
    2021-02-14 06:31

    Some points I noticed:

    match /resources is pointing to a collection; that rule has no effect on its documents. Here I am quoting from the doc:

    Rules for collections don't apply to documents within that collection. It's unusual (and probably an error) to have a security rule that is written at the collection level instead of the document level.

    So you don't have to write rules for collections.

    Then, in the rule allow write, update, delete: you can say either allow write: or specifically allow create, update, delete: (any of the three options, or combine them).

    Try this:

    service cloud.firestore {
      match /databases/{database}/documents {
        // Match each document in the collection, not the collection path itself
        match /resources/{resource} {

          // True when the caller's users/{uid} document carries the isAdmin flag
          function isAdmin() {
            return get(/databases/$(database)/documents/users/$(request.auth.uid)).isAdmin ||
              get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isAdmin;
          }

          allow read;
          allow create, update, delete: if isAdmin();
        }
      }
    }
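
An admin flag stored in users/{uid} is only as trustworthy as the rules on that document: if a signed-in user can write their own user document, they can set isAdmin themselves. The rule set below is an added example, not code from the question or the answer; the users/{uid} rules and the choice to let users edit their own profile are assumptions about the app.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Signed-in caller whose users/{uid} document has isAdmin == true.
    // A missing user document makes the lookup fail, which denies access.
    function isAdmin() {
      return request.auth != null
        && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isAdmin == true;
    }

    // True when the caller is the owner of the users/{uid} document.
    function isSelf(uid) {
      return request.auth != null && request.auth.uid == uid;
    }

    // Document-level match: applies to every document in /resources.
    match /resources/{resource} {
      allow read;
      allow create, update, delete: if isAdmin();
    }

    // Assumed layout: the admin flag lives in users/{uid}.
    match /users/{uid} {
      allow read: if isSelf(uid) || isAdmin();

      // Users may create their own profile, but never with admin rights.
      allow create: if isSelf(uid)
        && request.resource.data.get('isAdmin', false) == false;

      // Users may edit their own profile as long as isAdmin is untouched;
      // only an existing admin may change the flag.
      allow update: if (isSelf(uid)
          && !request.resource.data.diff(resource.data).affectedKeys().hasAny(['isAdmin']))
        || isAdmin();

      allow delete: if isAdmin();
    }
  }
}
```

With these rules the first admin has to be assigned outside client code, for example from the Firebase console or a server using the Admin SDK, both of which bypass security rules.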
    
