Firestore 数据库规则缺失或权限不足

Question

I'm self studying firestore and I could not figure out a way to only allow a user to update, delete or read only the collections added by them.

This is the structure I'm using:

I use firebase auth for user handing. I save the currentUser.uid as user_id in the database for each collection.

These are the rules I'm using

service cloud.firestore {
  match /databases/{database}/documents {

    match /tasks{
      allow read, update, delete: if request.auth.uid == resource.data.user_id;
      allow create: if request.auth.uid != null;
    }
  }

When I try to read/get the data I get Missing or insufficient permissions error.

I'm using the web api (JavaScript) for firestore. This is the code I'm using to read data.

function read() {

    db.collection("tasks").get().then((querySnapshot) => {
        querySnapshot.forEach((doc) => {
            var newLI = document.createElement('li');

            newLI.appendChild(document.createTextNode(doc.data().task));

            dataList.appendChild(newLI);

        });
    });

}

Answer 1

the error was in my JavaScript I was getting all without filtering by user

function read() {
    let taskColletion = db.collection("tasks");

    taskColletion.where("user_id", "==", firebase.auth().currentUser.uid).get().then((querySnapshot) => {
        querySnapshot.forEach((doc) => {
            var newLI = document.createElement('li');

            newLI.appendChild(document.createTextNode(doc.data().task));

            dataList.appendChild(newLI);
        });
        
    });

}

Answer 2

This is actually explained on the Firestore Documentation (I recommend reading it).

You're missing a wildcard after /tasks :

service cloud.firestore {
  match /databases/{database}/documents {
    match /tasks/{task} {
      allow read, update, delete: if request.auth.uid == resource.data.user_id;
      allow create: if request.auth.uid != null;
    }
  }
}