I have a "mail" collection on firestore . I’m trying to set up the security rules so that only the owner author can access control according to uid in fields.
/mail/unique_id
{
author: "RPH6j0eZc2QrDhvsQJhDDFApjnj1"
date: "2022-11-23T10:57:13.580Z"
status: "ongoing"
}
firestore rule :
match /mail/{mailId}{
allow read, write: if request.auth != null && request.auth.uid == resource.data.author;
}
function post
this.db.collection('mail').add(data)
reading from collection mail
this.db.collection('mail',ref=>ref.where('author','==',this.uid)).get().subscribe(res => { })
result : l can read from firestore database but, when l try to push new data l have an error
FirebaseError: [code=permission-denied]: Missing or insufficient permissions.
>Solution :
I can read from firestore database but, when I try to push new data I
have an error
This is because for a read rule you have to use resource.data BUT for a write rule you need to use request.resource.data.
So you need to separate into two rules:
match /mail/{mailId}{
allow read: if request.auth != null && request.auth.uid == resource.data.author;
allow write: if request.auth != null && request.auth.uid == request.resource.data.author;
}
More details in the documentation.