Configure the firestore security rules to allow users to only access their own data - efficiently

后端 未结 4 1833
庸人自扰
庸人自扰 2021-02-16 00:01

Using firestore with angularfire2 rc 2.

All is working very nicely in development with no effective security rules.

These are the no security rules - where the cli

4条回答
  •  天涯浪人
    2021-02-16 00:29

    The following setup worked for me (I've used allChildren as opposed to allSubcollection):

    service cloud.firestore {
      match /databases/{database}/documents {
        match /users/{userId}/{allChildren=**} {
          allow read, write: if request.auth.uid == userId;
        }
      }
    }
    

    allChildren will allow to read/write in any subcollections of a user document.

    More information on this wildcard matching is here

提交回复
热议问题