Firestore Rules - dynamic path

[da...@thriveweb.com.au]

Hello,

I am trying to create a dynamic connection in Firestore's Rules.

I have a users collections and a roles collections, each user in the users collection has a 'string' field which matches the firebase generated ID for the corresponding role in the roles collection.

In order to achieve this I am trying to dynamically get the ID and then retrieve the appropriate data from the role.

My code is as follows:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{collections}/{collection=**} {
        function getRole() {
            return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role;
        }

        function getPermissions(role) {
            return get(/databases/$(database)/documents/roles/$(role)).data.test;
        }

        allow read: if true;

        // Role equals to 12345
        // allow write: if getRole() == 12345; <-- THIS WORKS
        // allow write: if getPermissions(12345) == true; <-- THIS WORKS
        // Need to put dynamic getRole() which equals to 12345 inside of getPermissions() 
        // instead of the static 12345

        // THIS DOES NOT WORK           
        allow write: if getPermissions(getRole()) == true;
    }
  }

}

A potential reason why this is not working is that the get() functions are asynchronous and do not wait for the previous one to finish hence why it can't use its data.

Any help would be greatly appreciated. Open to workarounds, data structure changes, etc...

Cheers

[l...@nuvopoint.dk]

That should work though, and I doubt they are asynchronous, as I'm using nested functions in my own rules.

Have you simplified the above example? - Because I believe there is a hard limit on 3 get() requests per rule lookup.

Lars

[Samuel Stern]

Actually we raised those limits somewhat recently:

https://firebase.google.com/docs/firestore/quotas#security_rules

So you can now do 10 get()/exists()/getAfter() in a single request.  However you should still try to minimize these calls as it costs both money and time to access other documents during rules.

- Sam

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/16370e04-b36b-40e1-ad81-a89a4c2cade0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[da...@thriveweb.com.au]

If anyone is interested... the issue was not my code but the firebase rules simulator which I was basing my tests off of.