Ad

How To Check The Path In A Reference In A Security Rule?

I want to check that a resource has a reference to a user document when creating it, but I don't need to actually get() the object. Is this possible?

I know I can call exists() or get() but I really only care that the path is correct (that its for /users/${auth.uid}). This is for Firestore.

I would like to do something like:

allow create: if request.resource.userRef == '/users/${request.auth.uid}'

Although I know that is not possible.

Ad

Answer

I'm assuming that you're trying to check if the document contains the user's uid as the value of userRef field and the user with the corresponding uid exists in your users collection before saving the document.

In that case you need to make 2 checks.

1) Check if the user exists in users collection

2) Check if the document contains the user's uid in the userRef field of the document

//Get the user using uid
function getUser() {
   return (get(/databases/$(database)/documents/users/$(request.auth.uid)).data);
}

//Check if user exists
function isValidUser(user) {
        return (user != null);
}
// Check access for your collection 
match /YourCollection/{id} {
        allow create: if (isValidUser(getUser()) && request.resource.data.userRef == getUser().uid);
}

Hope that solves your problem.

Ad
source: stackoverflow.com
Ad