Ad

How To Access The Requesting User's Data In Firestore

in my firestore, i have a boolean field called admin for the user documents in my users collection. when true, that user can read other user accounts. but how can i access that field in firestore.rules?

this doesn't work, but gets the idea across of what i am looking to do

allow get: if request.auth.uid.data.admin == true

the only data i see accessed in the documentation, is fom the resource being accessed. which would mean each user would have an admins array of every admin referenced in it, which would be a nightmare to maintain

Ad

Answer

It sounds like you're trying to use data from another document than the one that is being read. If you have a /users collection with a document for each user stored under their UID, then:

allow get: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true

So this gets the user's document, and then check if there's an admin field in there that has the value of true.

Ad
source: stackoverflow.com
Ad