Firestore rules query FirebaseError: [code=permission-denied]: Missing or insufficient permissions

I have a "mail" collection on firestore . I’m trying to set up the security rules so that only the owner author can access control according to uid in fields.

/mail/unique_id

{
author: "RPH6j0eZc2QrDhvsQJhDDFApjnj1"
date: "2022-11-23T10:57:13.580Z"
status: "ongoing"
}

firestore rule :

match /mail/{mailId}{
  allow read, write: if request.auth != null && request.auth.uid == resource.data.author;

 }

function post

this.db.collection('mail').add(data)

reading from collection mail

  this.db.collection('mail',ref=>ref.where('author','==',this.uid)).get().subscribe(res => { })

result : l can read from firestore database but, when l try to push new data l have an error

FirebaseError: [code=permission-denied]: Missing or insufficient permissions.

>Solution :

I can read from firestore database but, when I try to push new data I
have an error

This is because for a read rule you have to use resource.data BUT for a write rule you need to use request.resource.data.

So you need to separate into two rules:

match /mail/{mailId}{
   allow read: if request.auth != null && request.auth.uid == resource.data.author;
   allow write: if request.auth != null && request.auth.uid == request.resource.data.author;
 }

More details in the documentation.

Leave a Reply