5,610 questions
1
vote
2
answers
140
views
Flutter Firestore: [cloud_firestore/permission-denied] on both iOS and Android despite open rules (if true)
I am facing a persistent [cloud_firestore/permission-denied] error in my Flutter app when trying to write/read from Firestore. This happens on both Android and iOS devices.
What I have tried so far:
...
- 21
0
votes
1
answer
142
views
Firebase Firestore App Check and anonymous auth always return null
I have been working on this project and would like to add app check and auth. When app check and auth is not on the rules, the document is being saved. But when added docref appcheck is null. I am ...
- 11
1
vote
2
answers
102
views
Firebase CloudFirestore rules only work after reopening the app
I'm using Firebase Authentication and Firebase Cloud Firestore for my Flutter project. But the rules I implemented in the Firestore only apply correctly after restarting the app, if the user just ...
- 55
0
votes
1
answer
77
views
Firestore rule to allow users to pull only chats they are members of?
I have chat documents like the following:
{
members: ['abc','def'] // 2 element list of member UIDs
// some other chat metadata
}
In firestore, I have the following rules on my collection:
...
- 304
0
votes
1
answer
68
views
Rules for checking document key existence in Firestore
So I have a document for an event. Here's the current structure:
{
"name": "Some Event Name",
"users" : {
"a": {
"name": "Some Name&...
- 1,123
0
votes
1
answer
61
views
Firestore security rules: allow read only if custom claim pst is "true" or not present
I’m building a web app where users sign in with a Firebase Authentication custom token. The token has claims like this:
{
"iss": "------",
"sub": "------",
...
- 2,859
0
votes
0
answers
93
views
How to fix firebase firestore permission/rules error?
I am building a Flutter mobile app using Firebase backend. I have four collections: institutions, resources, resourceTypes, users.
I want the institution's collection to be accessible by any user (...
- 132
1
vote
1
answer
156
views
Firestore Security Rules resource.data is not returning correctly
I have a collection named "dms" that has "firstUserId" and "secondUserId" as fields in its documents. The following rule is giving me permission denied error:
match /dms/{...
- 15
0
votes
1
answer
53
views
Firestore security: Incorrect number of arguments supplied to function: diff
I'm trying to use the diff() method in my Firestore rules to ensure the user only edits the allowed fields, however when I try to compile my rules and upload them, I receive the following error in my ...
- 5,221
1
vote
1
answer
62
views
Security rules warning
I have updated my security rules and they look like this:
{
"rules": {
".read": false,
".write": false,
"development": {
"events":...
- 37
-2
votes
1
answer
135
views
How to deny all writes to Realtime Database based on data within it? [closed]
In the Realtime Database, if we want to block all writes to an entire Realtime Database database based on some boolean contained therein, what is the proper way to do it?
Let's say in Realtime ...
- 7,773
0
votes
1
answer
78
views
How to check if attribute matches in an array of maps
Previously, I had the following rule:
allow read: if request.auth.token.email in resource.data.shareWith;
Now, that the data structure changed and shareWith is no longer an array of email addresses, ...
- 5,162
1
vote
1
answer
118
views
Firestore Security Rules: Getting all docs with field-specific "where"-query
Goal/intention
The rule should grant access to a user document (which contains some personal information like email address) and also its subcollections for movie and tv watchlists, in case the user ...
- 5,162
1
vote
1
answer
50
views
Getting read access for subcollections of specific document in case a field matches in the main document only
I have the following rules in Cloud Firestore:
match /users/{userId}/{documents=**} {
allow read: if request.auth.token.email in resource.data.shareWith;
// allow read: if resource.data.test == ...
- 5,162
0
votes
3
answers
94
views
Nested Firestore Security Rule For Write Access Not Working
These are all the rules I'm currently using:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read: if request.auth != null; ...
- 5,162
1
vote
1
answer
42
views
Firebstore rules - Check SubCollection exist
I have a collection of musics. They can contain a subcollection of notes.
I would like to prevent deletion if any notes exists
I tried
match /databases/{database}/documents {
match /musics/{musicId} {...
- 1,066
-1
votes
1
answer
74
views
How to secure firebase realtime database rules? [closed]
I have a simple program to show real-time postview counts. But in Firebase, it says
Your security rules are defined as public, so anyone can steal, modify, or delete data in your database
Every ...
0
votes
1
answer
36
views
Different Firebase Rules for different mobile apps
I am new to firebase and would like to know if it's possible to write different set of rules for different apps that have access to same firebase database.
For example:
Users of App A should be able ...
0
votes
2
answers
81
views
Firestore security rules error: [code=permission-denied]: Null value error. for 'list'
I'm writing my security rules for my Firebase chat app, but I'm getting the following error while using firebase emulators:
Uncaught Error in snapshot listener: FirebaseError: [code=permission-denied]...
- 5,221
0
votes
1
answer
71
views
Firebase storage security rules accessing Firestore - Invalid function name: get
I'm writing Firebase Storage security rules to ensure that only the user who created a specific order can access the associated files. However, when I deploy the rules using firebase deploy --only ...
- 5,221
0
votes
1
answer
38
views
Does Firebase security rules language support variable prop name?
I have a Firebase Auth custom claim that look like this:
{
"orgRoles": {
"my-org-1": "member",
"my-org-2": "owner",
"my-org-3":...
- 2,938
1
vote
1
answer
96
views
Firebase Storage permission error when security rules get document from Firestore
FirebaseError: Firebase Storage: User does not have permission to access 'vehicles/LwDaUZiAn8WIfye5Oj6S/backgroundPic'. (storage/unauthorized)
I am completly stuck with firebase rules. It's not ...
- 13
-1
votes
1
answer
86
views
Issues With Firebase Rules Configuration
I am attempting to make a basic forum/chat site for myself as a fun project. I have been having several issues pertaining to the rules configuration for firebase.
Here is some example code that i have ...
1
vote
2
answers
58
views
Messages snapshot error: FirebaseError: Missing or insufficient permissions. Request when trying to make a messaging system for my website
Here's the full console:
logindex.js:81 Messages snapshot error: FirebaseError: Missing or insufficient permissions.
eval @ index.js:81
eval @ index.esm2017.js:17548
setTimeout
pu @ index.esm2017.js:...
- 21
0
votes
1
answer
108
views
For Firebase Firestore database, is there a way to limit the number of documents in a collection? I could not find a Firebase Security rule for this
As you know, your API keys are exposed on the front end.
Let's say I want to prevent someone from maliciously flooding a collection with documents. If I don't use App Check, is there a way to restrict ...
- 11
0
votes
1
answer
135
views
How would I define a firebase rule for a collection group query
I'm using firestore. It requires security rules.
Here is the actual query I'm running against the collection group:
const db = getFirestore(app);
const MainCollection = collectionGroup(db, "list&...
- 2,129
0
votes
1
answer
79
views
Firebase Firestore rules with count [closed]
Can someone demonstrate how to use the count() function in a Firestore Security Rules to limit the number of documents created?
This is my current code, but it is now working:
match /doc/{docId}{
...
1
vote
1
answer
78
views
Firebase Storage security rules: get() to Realtime Database dont work
I’m trying to create a Firebase Storage rule that only allows access to files under /approved/ if the user has a permission: true field in the Realtime Database, located at this path:
/Users/{uid}/...
- 15
0
votes
1
answer
64
views
How do I specify Firebase Rules to allow an Admin user, in the same organization, be able to read documents belonging to other users
I have collections:
users
files
(though there could be many different collections beyond files).
Both have an email field, both have an organization field.
I am looking to allow Admin users to read ...
- 1
0
votes
2
answers
72
views
cloud_firestore/permission-denied] The caller does not have permission to execute the specified operation
I am trying to setup my security rules for my cloud firestore and just can't figure out the problem.
This is my code
Future<List<Document>> getDocumentsForGroup(String groupId) async {
...
- 3
0
votes
1
answer
55
views
Firestore rules related with User Custom Claims
I'm having issues on some conditions on my firestore rules.
On my use case I have 2 types of users with different custom claims:
One user has customerId and sites (array)
Other user has customerIds
...
- 15
0
votes
1
answer
68
views
Firestore says operation is not permitted but still returns documents
I have these firebase rules
service cloud.firestore {
match /databases/{database}/documents {
match /organizations/{organizationId} {
allow create: if request.auth.token.superUser == true;
...
- 2,121
0
votes
1
answer
86
views
Unable to configure security rules properly with FlutterFlow+Firebase (ListView)
I'm building an app with FlutterFlow that will be used by various companies. I'm having trouble setting up the security rules for an app that will be used by various companies.
My environment is:
...
0
votes
1
answer
47
views
Firebase Security Rules - Does allow get: rule prevent document data from being read? - allow get: versus allow read:
I've been working on cleaning up some of my Firestore database rules and have a question regarding the difference between...
allow get: if request.auth == null;
and
allow read: if request.auth != ...
- 263
2
votes
1
answer
136
views
Firebase Error saving rules - Line 14: String can't contain ".", "#", "$", "/", "[", or "]"
I hava a firebase realtime database in an app with the following format:
{
"level_1": {
"entry_01_06_2024_09_47_20_xw": {
"co2_score": -276,
"date&...
- 717
0
votes
1
answer
46
views
How to Restrict Firebase Realtime Database Access to Specific Query Parameters?
I have a domain whitelist system to verify whether a site's domain is included in my whitelist. If a domain is on the list, it means the theme is verified and purchased. Otherwise, the code should not ...
0
votes
2
answers
109
views
Firestore database rule always returns "missing or insufficient permissions" when accessing document fields
Rephrased entire question on your suggestion.
I have this setup in my firestore database:
I'd like to query the "incidents" collection and get back all documents that have my ID in the &...
- 17
1
vote
1
answer
49
views
Can't understand why get Permission denied error
I can't understand why I get permission denied error for below code.
stream = FirebaseFirestore.instance
.collection('events')
.doc(widget.event.id)
.collection('...
- 13
2
votes
1
answer
85
views
Next.js fails to upload image to firebase
I am trying to upload images to firebase firestorage from our Next.js app. We already have our firebase firestorage credentials set up in our environment variables, and I believe we have initiated ...
1
vote
1
answer
45
views
How do I check the equality of a Firestore Reference in Firestore Security Rules?
For background, our database has a letterbox collection with a field called members, an array storing Firestore references to our users collection. In security rules, we need to check whether a user ...
- 11
0
votes
1
answer
56
views
Error saving item to Firestore: Missing or insufficient permissions
I am trying to upload an image to the Firebase storage and then write it into Firestore database.
func storeMarketplaceItem() {
guard let userId = Auth.auth().currentUser?.uid else {
...
- 169
0
votes
1
answer
318
views
How to access a non-default Firestore Database in Firebase Storage Rules?
When writing rules for Firebase Storage, I get a warning that the parameter for firestore.get must always start with /databases/(default)/documents, like this:
firestore.get(/databases/(default)/...
- 3
0
votes
1
answer
60
views
Firebase database rules don't apply to collection
I am trying to limit rules for my database from the iOS SDK. I want users to be able to read any collection. However they should not be able to write to the collections specified below. But the users ...
- 47
1
vote
1
answer
74
views
How can I create a firestore security rule that allows only "count" aggregation queries?
I wish users to be able to query how many documents match a given where clause, without resorting to Cloud Functions, and without them being allowed to retreive the document content.
For example, ...
- 27.7k
0
votes
2
answers
88
views
How to secure Firebase Realtime Database rules for in-app messaging between users and business profiles
I am very new to coding and I have trouble writing Firebase Realtime Database rules for my project.
I am using it for real-time in-app messaging.
Before going through the code, let me briefly explain ...
- 1
0
votes
1
answer
92
views
firestore.rules allow read of single document only
I'm building a webapp where users can create rooms and join rooms of others. My goal is for users to be able to retrieve any room they have the ID of, but only list rooms they are already a member of. ...
0
votes
1
answer
106
views
firebase realtime database PERMISSION_DENIED
So I am trying to create a chat app, using firebase (unfortunately) Realtime-DB, but I am getting error:
Error sending message: PERMISSION_DENIED: Permission denied
so this sounded easy at the begging ...
- 46
0
votes
1
answer
42
views
firebase firestore rules not affecting
I have a DB like this:
I want logged in users to be able to read and write to this collection. I also want users who are not logged in to only read this collection..
here is my code
service cloud....
- 3,106
0
votes
1
answer
50
views
How to read data from collection to another collection in firebase rules and flutter
I try to make manual rules I have two collection one to save data of user like phone , email ...ect name (user_registration) and other collection name SlideShow have also many of field data. So now ...
- 469
1
vote
1
answer
30
views
firestore rules across multiple databases returning permission denied
I am trying to configure firestore rules so that a user can only access information in a collection in a secondary database, when that collection's path contains an id stored in the (default) database....
- 11.1k