Cloud Firestore 规则问题

Question

I have an all app which I can dynamically enter things to a list, which are stored in a database in cloud firestore, each item has a name and a userId. In my App I have all the authentication done, everything works wonderfully, every time I enter something to the list, each item has the userId of the respective user. The problem is that I am in the final stage where I want each user to have their own list, and not be able to access another user's list and vice versa. So I am changing the database rules but i ran into problems. When entering things to my list, these things are added to the database, with their respective name and user id, but they do not appear in the application, It doesn't show me the items in the app. but the items exist in the database.

UPDATE: SOLVED!

Answer 1

There is a problem with the function matchesUser() in the security rule. You are passing an incorrect value request.resource.data to the function. Instead of that you have to pass resource.data . The request.resource.data variable contains the future state of the document and resource.data contains current state of the document.

The code should be

allow read: if authed() && matchesUser(resource.data);

Answer 2

There is some mistake with your code. According to your code, you trying to access the whole document from the collection shows regardless of the user. This will be clearly denied by the firebase security rule. According to rule an user can only access their own data and remember that firebase security rules are not filters.

So the code should be

db.collection('shows').where('userId','==',uid_of_the_user)
.orderBy('timestamp').onSnapshot((snapshot)=>...)