'User Access Roles In Firestore

I have Firestore setup as shown in the images below. first imagesecond imagethird image

I am trying ensure that a user can only have access to projects of a specific company provided the user is authenticated (email and password), email-verified and is part of the users collection (by verifying with UID) for that company based on a specific role (eg. manager, dancer, choreographer).

I have created some rules as shown below but it is not working as expected. Thank you in advance for the contribution.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    //create user creates own data in users collection
    match /companies/company_id/users{
        allow create: if request.auth != null && request.auth.token.email_verified == true;
    }
    
    //user should be allowed to create or delete own data. 
    //Only managers should be allowed to delete data of others
    match /companies/company_id/users/{user_id}{
        allow read, delete: if request.auth != null && request.auth.uid == user_id;
    }
    
    match /companies/{company_id}/projects {
      allow write: if isManager(get(/databases/$(database)/documents/companies/{company_id}/users/$(request.auth.uid))) || isChoreographer(get(/databases/$(database)/documents/companies/{company_id}/users/$(request.auth.uid)));
      allow read: if isDancer(get(/databases/$(database)/documents/companies/{company_id}/users/$(request.auth.uid)));
    }
    
    match /companies/{company_id}/project/{project_id} {
      allow read, write: if get(/databases/$(database)/documents/companies/{company_id}/users/$(request.auth.uid)) == request.auth.uid;
    }
    
    function isManager(database){
        return database.data.role == "manager";
    }
    
    function isChoreographer(database){
        return database.data.role == "choreographer";
    }
    
    function isDancer(database){
        return database.data.role == "dancer";
    }
  }
}

Any ideas?

EDIT I have included a curl script I used trying to access one of the firestore rules.

curl --location --request GET 'https://firestore.googleapis.com/v1/projects/project_somthin/databases/(default)/documents/companies/company_a/users/MSTJMcwggcGwrXgEgwl5' \
--header 'Authorization: Bearer token_id'

I go the error:

{ "error": { "code": 403, "message": "Missing or insufficient permissions.", "status": "PERMISSION_DENIED" } }

firebasegoogle-cloud-firestorefirebase-security


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How to use use Firestore document field's HashMap key value and populate recyclerview?

How to set up Firebase Push Notification with Deep Link with Unity3D

Xcode build is missing expected TARGET_BUILD_DIR build setting

How to get TypeScript to recognize firebase import

FirebaseMessagingService Illegal Access

How do I access data from a top-level document in a Cloud firestore trigger with Cloud functions?

Firebase push notifications stops working after some time for all users in my Flutter app. Is this correct flutter fcm implementation?

Firebase deploy node modules issue

React-router did not work on production

In new Firebase, how to use multiple config file in xcode?

Flutter Firebase foreground push notification not showing but background is working

Datatables search, filter, and export with Firebase

Can't fill array with firestore data

"No such module 'Firebase'" when add Firebase into a library

FCM notification not retrieve when app is closed