Learn Courses My Dashboard

Firebase Cloud Firestore Security Rules

I am having trouble setting up security rules that allow the user to generate the document path below in Cloud Firestore:

“Collection Name1/Document Name1/Collection Name 2/…more documents and collections”

Collection Name 2 is generated using the users authenticated user Id.

When I initially built the app I had essentially set no security rules and my app worked fine, allowing the generation of documents in the above path.

However, I am trying to set security rules allowing only the authenticated user to read and write documents to the above path and I can’t figure out how to do it. Below is an example of what I have tried:

rules_version = ‘2’;
service cloud.firestore {
match /databases/{database}/documents {
match /Collection Name1/Document Name1/{userId} {
allow read, write: if request.auth.uid == userId;
}

match /users/{userId} {
allow read, write: if request.auth.uid == userId;
}
}
}

Unfortunately I get error messages stating “The caller does not have permission”.

The second match statement above works fine but the userId is a document, not a collection. Is this the problem (i.e., I can’t apply security rules to collections)?

Any help/advice is greatly appreciated.

Did you ever figure this out? I’m currently writing mine!

Yes I did.