'Firestore rule to access subcollection raising Missing or insufficient permissions

I am struggling with Firestore rules to allow access to some resources in a subcollection.

I have some requests documents, that may present a sub-collection named status. My current rules are something like that:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    
    // I use it to check if user is signed in
    function userSignedIn() {
      return request.auth != null;
    }
    
    match /requests/{requestId} {
        
      // I use it to check if user is the owner of the request
      function userCanAccess () {
        return userSignedIn() && request.auth.uid == get(/databases/$(database)/documents/requests/$(requestId)).data.userId;
      }
      
      
      // allow read to logged user who own request
      allow read, update: if userCanAccess();
      
      // anyone can create a new request
      allow create: if true;
      
      // no one can delete the request
      allow delete: if false;
      
      
      
      match /status/{statusId} {
        // allow read and update of status to logged user who own request
        allow read, update: if userCanAccess();
        
        // anyone can create the status
        allow create: if true;
        
        // no one can delete the status
        allow delete: if false;
      }
    }
  }
}

My very first way to check if user had access was by request.auth.uid == resource.data.userId, however it only works for requests documents, not for status documents since they do not have the userId field.

I'm using flutter to make the request with the code:

FirebaseFirestore.instance
            .collection('requests')
            .where('userId', isEqualTo: user.uid)
            .orderBy('requestedOn', descending: true)
            .snapshots()
            .listen((snapshot) {
              // Here I read requests and their status
            });

However I'm getting Error: [cloud_firestore/permission-denied] Missing or insufficient permissions.. How can I solve (or debug) it? Using rules playground in firestore, with the exact same uid, I am able to complete the reading.

firebasefluttergoogle-cloud-firestorefirebase-security


Solution 1:[1]

I'm wondering if the get() call may be causing problems. Try this:

function userCanAccess () {
  return userSignedIn() && request.auth.uid == requestId.data.userId;
}

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Frank van Puffelen

Related Questions

ADB exited with exit code 1

ADB exited with exit code 1

Flutter: wasm streaming compile failed: TypeError: Could not download wasm module

How to add integer as default/initial value for TextFormField in flutter?

How to highlight correct word on searchDelegate?

Xcode build is missing expected TARGET_BUILD_DIR build setting

Generic callback with generic class as parameter in Dart

How to not dispose of previous widget when navigating to a new widget in Flutter?

Unhandled Exception: type 'Null' is not a subtype of type 'Map<String, dynamic>' in type cast

FirebaseMessagingService Illegal Access

Firebase push notifications stops working after some time for all users in my Flutter app. Is this correct flutter fcm implementation?

How to draw a horizontal line in flutter row widgets?

Flutter testing error: NotInitializedError which involves environment variables (.env)

How to make a widget take as much width as the screen in Flutter?

ERROR: Runner.xcworkspace does not exist. error implementing google maps