2

I have a problem with the configuration of my firestore's rules.

I have two typescript classes cart.ts and item.ts

export class Item {
    id?: string;
    name: string;
    quantity: string;
    onCart: boolean;
    position: number;
}

export class Cart {
    id?: string;
    name: string;
    time: string;
    buying: boolean;
    bought: boolean;
    boughtDate?: string;
    personal: boolean;
    userId: string;
    items: Item[];
}

An user can read all the public carts and only his personal ones (I want to make the public carts only readable from people you choose but for now I'm focusing in something more simple).

I have a method on my CartService to get the pending carts:

export class CartService {
    getPending(): Observable<Cart[]> {
        return combineLatest(
            this.angularFirestore
                .collection(
                    'carts',
                    ref => ref
                        .where('personal', '==', true)
                        .where('userId', '==', this.authService.user.getValue().uid)
                        .where('bought', '==', false)
                ).snapshotChanges(),
            this.angularFirestore
                .collection(
                    'carts',
                    ref => ref
                        .where('bought', '==', false)
                        .where('personal', '==', false))
                .snapshotChanges(),
        ).map(actions => {
            let collections = [];
            actions.forEach(action => collections.push(...action));

            return collections
                .map(action => {
                    const cart = action.payload.doc.data() as Cart;
                    return new Cart(cart.userId, cart, action.payload.doc.id)
                });
        });
    }
}

And I have this rules on my firestore database:

service cloud.firestore {
    match /databases/{database}/documents {
        match /carts/{cartId} {
            function isPersonal() {
                return get(/databases/$(database)/documents/carts/$(cartId)).data.personal;
            }

            function canReadPublic() {
                return !isPersonal() && request.auth != null;
            }

            function canReadPrivate() {
                return isPersonal() && get(/databases/$(database)/documents/carts/$(cartId)).data.userId == request.auth.uid;
            }

            function canUserRead() {
                return canReadPublic() || canReadPrivate();
            }

            allow read: if canUserRead();

            match /{document=**} {
                allow read: if canUserRead();
            }
        }
    }
}

Everytime I call this method an error is thrown:

Error: Missing or insufficient permissions.

I'm totally lost and I've waste so many time and rewritten all this code dozen of times that I'm out of options.

Borja
  • 35
  • 4
  • Usually, this error happens when you don't configure the rules in your firebase database. Please, check out in your firebase account : database => rules. The other situation, is when you lost your session and there are subscription active. Try to unsubscribe them :) – codesandtags Feb 11 '18 at 18:21

0 Answers0