Firebase-firestore security rules per document flutter

Question

Firebase-Firestore denying all requests instead of rejecting one specific document which does not meet the data Firebase-Firestore security rules

allow read: if authenticated() && resource.data.status == true || author(resource.data.creatorid) || admin();

what I am trying to achieve is only status = true documents will appear

Error

Unhandled Exception: [cloud_firestore/permission-denied] The caller does not have permission to execute the specified operation.

Using package paginate_firestore flutter

PaginateFirestore(
  itemsPerPage: 5,
  key: key,
  shrinkWrap: true,
  physics: ClampingScrollPhysics(),
  itemBuilderType: PaginateBuilderType.listView,
  itemBuilder: (index, context, documentSnapshot) {
    final data = documentSnapshot.data() as Map?;
    return MainComponent(
      data: data,
    );
  },
  query:
      FirebaseFirestore.instance.collection('members').orderBy('title'),
  isLive: false,
);

zero document retrived from firestore. screen is just showing a loading

Answer 1

I think that error is thrown by documents where status is not set to true. Try adding a where clause in your query which fetches documents with status as true.

query:
      FirebaseFirestore.instance.collection('members').where("status", isEqualTo: true).orderBy('title')

When it comes to showing an author their own requests, you can add a where which checks if author ID is equal to currently logged in user's ID.

query:
      FirebaseFirestore.instance.collection('members').where("authorId", isEqualTo: "currentUserId").orderBy('title')

Also try wrapping the conditions with logical or in a bracket:

allow read: if authenticated() && (resource.data.status == true || author(resource.data.creatorid) || admin());