How do I stop a firestore web client from reading certain documents in rules based off a documents content?
Question
For some reason I can run the rules simulator and it works perfectly (rejects reads on documents that have dedicated set to false) but the js app still pulls all documents if I remove the "Where" statement from:
firebase.firestore().collection('live').where('dedicated', '==', false).onSnapshot
to
firebase.firestore().collection('live').onSnapshot
I need to be able to list the documents, but not read the ones with dedicated = true. I know that rules are not filters, but I plan on keeping the where statement and still want to restrict the access to certain documents for security.
Rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /live/{document} {
allow list: if true;
allow read: if resource.data.dedicated == false;
}
...
1 answers
solution1
0 2022-02-19 05:06:09
Since your rules say:
allow list: if true;
This means that you allow API calls that retrieve a list of documents without any conditions.
If you only want to allow the first query, you should use:
allow list: if resource.data.dedicated == false;
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.