Firestore Rules: Can We Access A Parent's Document Wildcard In Children Rules?

Consider the following rules:

match /users/{user} {  // Do not specify any authentication for the read rule - Do not specify any delete rule
  // On create nothing is stored yet, so resource is null; the incoming document is request.resource
  allow create: if request.auth.uid != null && request.resource.data.login == "Anonymous" && request.resource.data.avatar_is_defined == false && request.resource.data.show_in_amounts_ranking == false && request.resource.data.amount == 0.0 && request.resource.data.deleted == false;
  allow update: if request.auth.uid != null && request.auth.uid == user && resource.data.deleted != true;
  allow read: if resource.data.deleted != true;

  match /seals/{seal} {  // Do not specify any delete rule
    allow create: if request.auth.uid != null && request.auth.uid == user && get(/databases/$(database)/documents/users/$(user)).data.deleted != true && request.resource.data.title != "";
    allow update: if request.auth.uid != null && request.auth.uid == user && get(/databases/$(database)/documents/users/$(user)).data.deleted != true && ((resource.data.title != "" && request.resource.data.amount > resource.data.amount) || (resource.data.title == "" && request.resource.data.amount == resource.data.amount));
    allow read: if get(/databases/$(database)/documents/users/$(user)).data.deleted != true;
  }
}

Is it correct to use $(user) in the read rule of match /seals/{seal}, even if the wildcard {user} is defined in the parent match /users/{user}?

Answer

Yes, you can use wildcards from any outer match that's in scope, going all the way up to the top service scope. It works just like you would expect with most programming languages that have nested variable scope. Notice how $(database) also works fine, which was matched at a higher level.
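
The scoping described in the answer, as an added example that is not part of the original question or answer. It goes one step further and shows that a function declared inside a match block also sees the wildcards bound by that block and its ancestors; the function name parentNotDeleted is hypothetical.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  // {database} is bound here and stays visible in every nested block.
  match /databases/{database}/documents {

    // {user} is bound here.
    match /users/{user} {

      // Hypothetical helper (name chosen for this example). It is declared
      // inside /users/{user}, so it reads {database} and {user} from the
      // enclosing scopes without taking them as arguments.
      function parentNotDeleted() {
        return get(/databases/$(database)/documents/users/$(user)).data.deleted != true;
      }

      allow read: if resource.data.deleted != true;

      // {seal} is bound here; {user} and {database} are still in scope.
      match /seals/{seal} {
        // Read is gated on the parent user document, not on the seal itself.
        allow read: if parentNotDeleted();

        // Only the owning user may create a seal, and only while the
        // parent user document is not flagged as deleted.
        allow create: if request.auth != null
                      && request.auth.uid == user
                      && parentNotDeleted()
                      && request.resource.data.title != "";
      }
    }
  }
}
```

Each get() call counts as a document read against the rules limits, so the parent lookup is worth keeping in one helper rather than repeating it per condition.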

source: stackoverflow.com