I'm trying to create a Firestore rule which only allows a user to list documents from a collection where they're filtering a field.
// would fail: db.collection('documents').get(); // would succeed: db.collection('documents').where('fieldId', '==', 123456).get();
Is there a way to accomplish this through Firestore rules?
The only way I can think of is withquery based rules .
Something like this:
allow read: if resource.fieldId.published == 123456;
But I don't think there's a way to only require them to filter on fieldId
, no matter what value.
Interestingly enough, this is possible with Realtime Database security rules, which have a separate clause for query.orderByChild
.
I think this sounds like a reasonable feature though, so I recommend you file a feature request . It won't help you now or in any near feature, but... who knows.
I got it working with
allow list: if int(resource.data.fieldId) > 100000000000000000;
since all of the ids are over 100000000000000000. Now attempting to list a collection without.where('fieldId', '==', someId) is rejected.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.