I'm trying to create a firebase storage security rule that queries a data saved in firestore, the idea is to allow or block the ability to upload an image to storage depending on a property stored in firestore. Following the documentation page firebase documentation and the firebase announcement announcing-cross-service-security-rules, I wrote the following rule:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /images/{userId}/{image} {
allow read: if request.auth != null && request.auth.uid == userId;
allow create: if request.auth != null && request.auth.uid == userId
&& request.resource.size < 10 * 1024 * 1024 // max size 10MB
&& request.resource.contentType.matches('image/.*')
&& firestore.get(/databases/(default)/documents/data_users/$(request.auth.uid)).data.tokens > 0;
}
}
}
This throws the following error:
com.google.firebase.rules.runtime.common.EvaluationException: Error: /home/miuser/Documents/code/test_project/storage.rules line [9], column [22]. Service call error. Function: [firestore.get], Argument: [path_value {
segments {
simple: "databases"
}
segments {
simple: "(default)"
}
segments {
simple: "documents"
}
segments {
simple: "data_users"
}
segments {
simple: "9eP2MrjhoQ2CR5w9GcW31hx6uZfF"
}
}
].
When I remove the line that contains firestore.get everything works correctly, I have exhaustively verified the path and it is correct, I have even done tests changing that line to something simpler like: && firestore.exist(/databases/(default)/documents/data_users) but I get similar error.
I am using the firebase emulators with Ubuntu 22.04, my firebase-tools version is 12.4.3. I really appreciate your help in advance, I'm really stuck on this.
