Getting local user id on request.auth.uid firestore rules #8420

@abidali671

Operating System

Windows 11

Browser Version

Chrome/127.0.6

Firebase SDK Version

10.8.0

Firebase SDK Product:

Auth, Firestore

Describe your project's tooling

Next.js

Describe the problem

I'm getting a local user ID in request.auth.uid in Firestore rules instead of the global user ID.
Is there anything wrong with the app config?

Steps and code to reproduce issue

import { initializeApp } from 'firebase/app';
import { getAuth } from 'firebase/auth';
import { getFirestore } from 'firebase/firestore';
import { getStorage } from 'firebase/storage';

export const firebaseConfig = {
  apiKey: KEY,
  authDomain: DOMAIN,
  projectId: PROID,
  storageBucket: BUCKET,
  messagingSenderId: SENDERID,
  appId: APPID,
  measurementId: MID
};

const app = initializeApp(firebaseConfig);
export const db = getFirestore(app);
export const storage = getStorage();
export const auth = getAuth(app);

rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {

    match /schedules/{schedule} {
      allow read: if true;
      allow create, update, delete: if isLogin() && isSuperAdmin();
      allow create, update, delete: if isLogin() && isAdmin('departments', resource.data.departmentId);
    }

    match /departments/{department} {
      allow read, create, update, delete: if isLogin() && isSuperAdmin();
      allow read, update, delete: if isLogin() && isAdmin('departments', department);
    }

    match /facilities/{facility} {
      allow read, create, update, delete: if isLogin() && isSuperAdmin();
      allow read, update, delete: if isLogin() && isAdmin('facilities', facility);
    }

    match /employees/{employee} {
      allow read, write: if true;
    }

    match /users/{user} {
      allow read, write: if true;
    }

    // Custom Functions
    function isLogin() {
      return request.auth != null;
    }

    function isSuperAdmin() {
      let superAdmin = get(/databases/$(database)/documents/users/$(request.auth.uid)).data.superAdmin;
      return superAdmin == true;
    }

    function isAdmin(collection, id) {
      return get(/databases/$(database)/documents/$(collection)/$(id)).data.adminIds.hasAny([request.auth.uid]);
    }
  }
}
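
An added example, not part of the original report: isSuperAdmin() in the rules above reads the superAdmin flag from users/$(request.auth.uid), while /users/{user} allows any client to write, so the flag is only trustworthy if clients cannot set it. One way to restrict that collection, assuming users documents are keyed by the Auth UID (as the get() path above implies) and that superAdmin is assigned only through the console or the Admin SDK; isOwner and userId are names introduced for this sketch:

```firestore
rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: the document ID under /users is the Firebase Auth UID.
    match /users/{userId} {
      // Only the owner or a super admin may read a profile.
      allow read: if isOwner(userId) || isSuperAdmin();

      // The owner may create their profile, but not with superAdmin present.
      allow create: if isOwner(userId)
                    && !('superAdmin' in request.resource.data);

      // The owner may edit their profile, but not the superAdmin field.
      allow update: if isOwner(userId)
                    && !request.resource.data.diff(resource.data)
                          .affectedKeys().hasAny(['superAdmin']);

      // Assumption: profiles are removed out of band, never from the client.
      allow delete: if false;
    }

    // Hypothetical helper: the caller is signed in and owns this document.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // Same lookup as in the report, guarded against unauthenticated requests.
    function isSuperAdmin() {
      return request.auth != null
        && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.superAdmin == true;
    }
  }
}
```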
