I’m learning how to set up the rules for Firestore.
I want to simulate a request of a collection, but it shows an error ("Path must be document-level") and doesn’t let me run the request:
Why is it so? It is a very common thing to request a collection of documents from their API, so why can I not simulate it in the playground?
Here are the rules I’m testing. They don’t exactly work, but that’s a different question:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId}/todos {
allow read, write: if request.auth.uid == userId;
}
}
}
>Solution :
Even if one can fetch an entire Collection, a match statement in Security Rules must specify a document path, as explained in the doc:
All match statements should point to documents, not collections. A
match statement can point to a specific document, as in match
/cities/SFor use wildcards to point to any document in the specified
path, as in match/cities/{city}.
So, in the simulator, you must specify a document path and therefore check your rule for a specific document.
And don’t forget another important point which is somehow linked to the above: Rules are not filters