0

Previously, I had the following rule:

 allow read: if request.auth.token.email in resource.data.shareWith;

Now, that the data structure changed and shareWith is no longer an array of email addresses, but an array of maps, how can I adapt this rule accordingly?

This is how the DB looks like now:

enter image description here

shareWith: [ { email, phone }, { email, phone }, ... ]

Improve this question

1 Answer 1

Reset to default
1

Checking whether an item is in an array in Firestore (both its query API and its security rules) requires that you specify the full item. There is no way to check for a partial match.

The common workaround is to add an additional array field to each document with just the values that you want to check/query for. So in your case, that'd be:

shareWithEmails: ["email1", "email2"]

And then your security rule would be:

allow read: if request.auth.token.email in resource.data.shareWithEmails;

Also see:

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks! By the way, is it correct, that it you only have the email address of the user available (for the rules) if someone logs in via Google account, but NOT his mobile phone number?
The information comes from the auth provider, and I indeed would not expected the phone number provider to have/provider an email address. As a workaround you can ask the user for their email, and then add it to their account.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.