I'm trying to get data from my Firestore database. I did the following:

Firestore.instance.collection('highScore').document('gGSIHVzDIjX1UCq7Pk8q').get().then((DocumentSnapshot ds) {
  print(ds);
});

I get the following error when this line is run: PERMISSION_DENIED: Missing or insufficient permissions.

I tried modifying the Firestore rules to:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, update, delete: if request.auth.uid == resource.data.uid;
      allow create: if request.auth.uid != null;
    }
  }
}

But I still get the same error. What am I doing wrong and how can I fix it?

Doug Stevenson
Jessica
  • Why do you think that this rule should allow read access to the document? It's saying that the UID of the signed in user must have a field called "uid" with the same value. Have you verified this is the case? Can you show evidence that these things are true? – Doug Stevenson May 20 '20 at 05:04
  • @DougStevenson Thanks for the response. I'm actually new to Firebase, so I kind of just took that from StackOverflow trying out different things. I would like anyone to have access to read, write and update – Jessica May 20 '20 at 05:10
  • Could you please explain what conditions you want to apply for your Cloud Firestore Security Rules? – Nibrass H May 20 '20 at 08:02

1 Answer


If your goal, as stated in comments, is to allow anyone to read and write to your entire database:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write;
    }
  }
}

This is extremely insecure, and if you do this, Firebase will send you an email saying as much. You should implement proper rules ASAP so the entire internet cannot do whatever they want with your data.

Doug Stevenson
  • My application won't have logins. There will just be a name, and going to be using firebase to track data. Is it still a security risk? – Jessica May 20 '20 at 13:07
  • Well, you should expect that anyone can read and write the database. If that's a problem for you, then you might want to look into another solution. – Doug Stevenson May 20 '20 at 15:37
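
An added example, not part of the original answer or comments: for an app without logins, as described in the comments, rules can be scoped to the highScore collection and validate what is written instead of opening the whole database. The field names `name` and `score` and their limits are assumptions, since the page does not show the document layout.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Only the highScore collection is matched; every other path in the
    // database stays denied because no rule grants access to it.
    match /highScore/{scoreId} {
      // Public read: the app has no sign-in, so request.auth is null
      // and cannot be used in a condition here.
      allow read: if true;

      // Anyone may add a score, but only with the expected shape.
      // 'name' and 'score' are assumed field names.
      allow create: if request.resource.data.keys().hasAll(['name', 'score'])
                    && request.resource.data.keys().hasOnly(['name', 'score'])
                    && request.resource.data.name is string
                    && request.resource.data.name.size() > 0
                    && request.resource.data.name.size() <= 32
                    && request.resource.data.score is int
                    && request.resource.data.score >= 0;

      // Existing entries cannot be overwritten or removed by clients.
      allow update, delete: if false;
    }
  }
}
```

Without authentication, anyone can still read the collection and add entries. These rules only limit the shape of what is written and stop clients from changing or deleting existing documents.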