
When querying for a collection of documents and using a security rule to check a field on a document to allow a read, I get:

"Uncaught Error in onSnapshot: Error: Missing or insufficient permissions."

My query:

```javascript
firebase.firestore().collection('photos')
  .where('event', '==', eventId)
  .orderBy('uploadedAt', 'desc')
  .limit(11)
  .onSnapshot((photoBatch) => {
    // Collect each photo's data together with its document id
    let photos = []
    photoBatch.docs.forEach(doc => {
      let photo = doc.data()
      photo.id = doc.id
      photos.push(photo)
    })
    return photos
  })
```

My rule:

```
match /databases/{database}/documents {
  match /photos/{photo} {
    allow read: if resource.data.privatePhoto == false
  }
}
```

All the documents returned from this query do have the field `privatePhoto: false`.

Is there something about returning multiple documents that prevents checking on individual document fields?

Frank van Puffelen
Dan Broadbent
  • The security rules don't filter documents, they merely ensure that read operations only access documents that are allowed. You'll need to add a `.where('privatePhoto', '==', false)` to your query to make it match the rules. Also see my answer here: https://stackoverflow.com/questions/50098585/firestore-security-rule-resource-data-is-empty-object/50117052#50117052 – Frank van Puffelen Jun 16 '18 at 23:36
  • Thanks! I understand now. The problem wasn't that the result set didn't meet the condition (because it did), but rather the query had the potential of returning a document that didn't meet the condition so it immediately failed. – Dan Broadbent Jun 18 '18 at 03:40
  • Possible duplicate of [firestore security rule resource.data is empty object](https://stackoverflow.com/questions/50098585/firestore-security-rule-resource-data-is-empty-object) – Frank van Puffelen Jun 18 '18 at 04:21
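
The behaviour described in the comments above, as an added example that is not part of the original thread: a simplified model of "rules are not filters", in which a list query is allowed only when its own equality filters guarantee the rule's condition. The helper names (`queryIsProvablyAllowed`, `runListQuery`) and the sample documents are constructed for illustration and are not Firestore's actual evaluator or API.

```javascript
// Simplified model (assumption for illustration, not Firestore's real
// evaluator): a list query is judged by its constraints, not by the
// documents that happen to match it.

// Condition from the question's rule:
//   allow read: if resource.data.privatePhoto == false
const ruleRequires = { privatePhoto: false };

// Constructed sample data: every photo in event 'e1' is already public,
// which mirrors the situation described in the question.
const samplePhotos = [
  { id: 'a', event: 'e1', privatePhoto: false, uploadedAt: 3 },
  { id: 'b', event: 'e1', privatePhoto: false, uploadedAt: 2 },
  { id: 'c', event: 'e2', privatePhoto: true, uploadedAt: 1 },
];

// True only if the query pins every field the rule checks to the value
// the rule demands, so no disallowed document could ever be returned.
function queryIsProvablyAllowed(equalityFilters, required) {
  return Object.entries(required).every(
    ([field, value]) =>
      Object.prototype.hasOwnProperty.call(equalityFilters, field) &&
      equalityFilters[field] === value
  );
}

// Hypothetical stand-in for a collection read: reject the whole query up
// front, otherwise filter and sort newest first.
function runListQuery(docs, equalityFilters, required) {
  if (!queryIsProvablyAllowed(equalityFilters, required)) {
    throw new Error('Missing or insufficient permissions.');
  }
  return docs
    .filter(d => Object.entries(equalityFilters).every(([f, v]) => d[f] === v))
    .sort((x, y) => y.uploadedAt - x.uploadedAt);
}

// Original query shape: .where('event', '==', eventId) only.
const originalFilters = { event: 'e1' };

// Shape suggested in the comments: add .where('privatePhoto', '==', false).
const fixedFilters = { event: 'e1', privatePhoto: false };
```

In this model `runListQuery(samplePhotos, originalFilters, ruleRequires)` throws even though both matching documents are public, while the same call with `fixedFilters` returns them.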
