Using firestore with angularfire2 rc 2.
All is working very nicely in development with no effective security rules.
These are the no security rules - where the cli
The following setup worked for me (I've used allChildren
as opposed to allSubcollection
):
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId}/{allChildren=**} {
allow read, write: if request.auth.uid == userId;
}
}
}
allChildren
will allow to read/write in any subcollections of a user document.
More information on this wildcard matching is here
I resolved this issue like this.
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
match /{allSubcollections=**} {
allow read, write: if request.auth.uid == userId;
}
}
}
}
In my case, I needed the permissions for creating the user as well so the other solutions did not work for me. I had to also allow access to /users/{userId}. Here is my code:
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
allow read, write: if request.auth.uid == userId;
match /{allSubcollections=**} {
allow read, write: if request.auth.uid == userId;
}
}
}
}
The short answer is that {userId=**}
results in userId
being a path
and not a string
. This means that comparing it to request.auth.uid
(which is a string) will fail. Instead, you'll likely want something like:
service cloud.firestore {
match /databases/{database}/documents {
match /collectionA/{userId}/{allSubcollections=**} {
allow read, write: if request.auth.uid == userId;
}
}
}
This will guarantee that userId
is a string, and then match the appropriate subcollections (note that again, allSubcollections
will be a path
).