Firebase setDoc 导致 async/await 错误

Question

Right now, I am making an app for my client and I have a form that should register a new user. I have initialized my firebase app, both in project and in the console. I put setDoc operation in my submit function(and I used async/await), but in the console I get the following error:

Uncaught (in promise) FirebaseError: Missing or insufficient permissions.

I am making my project using react, if that helps. Here is my function:

const submit = async () => {
        if(name.length >= 3 && surname.length >= 3 && phone.length >= 9 && code.length == 3)
        {
            const userName = name + surname
            const ref = doc(db, 'users', userName)
            const data = {
                name: name,
                surname: surname,
                phone: phone,
                code: code,
                userName: name + surname
            }
            console.log(data)
            await setDoc(ref, data).then((res) => {
                window.alert('Регистрацијата е успешна!')
                router('/')
            })
        }
        if(name.length <= 2) setNameError(true)
        if(surname.length <= 2) setSurnameError(true)
        if(phone.length <= 8) setPhoneError(true)
        if(code.length != 3) setCodeError(true)
        
    }

Thanks in advance to the people that will answer this question:)

Answer 1

The FirebaseError: Missing or insufficient permissions. error means that you have to adapt your security rules to allow writing in the users collection.

The most basic possible rule would be:

service cloud.firestore {
  match /databases/{database}/documents {

    // Match any document in the 'users' collection
    match /users/{userId} {
      allow read: ...;
      allow write: if true;
    }
  }
}

But it would allow everyone to write to the collection, so it's not really recommended. However it may be interesting to temporarily use it on a test environment to check that your code is correct.

Read the doc on security rules in order to find the exact rule corresponding to your needs.

Note that you will probably be interested by the common pattern shown in the doc which aims at "making sure users can only read and write their own data".