Firestore security rules for objects inside of the array

Hi everyone! In my Firestore, I have a collection called "items" with a couple of documents inside. Some of these documents have a "reviews" property, which is created by arrayUnion() called from my front-end; the objects inside this array always have 4 properties, one of which is userId. In my front-end, I'm sending a get request to get the whole reviews array, like this: doc.data().reviews. How can I write my security rules so that userId is never returned no matter what? I asked ChatGPT to help me write the rules, but these don't work:
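rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Security rules allow or deny access to whole documents; they are not
    // filters. An allowed read returns every field of the document, so no
    // rule can strip `userId` out of the objects in a `reviews` array field.
    // To keep it private, store it in a document clients cannot read, or
    // serve reviews through trusted server code that omits it.
    match /items/{itemsID} {
      allow read: if true;
      // NOTE(review): any signed-in user may create, overwrite or delete any
      // item document, including other users' reviews inside it. Confirm
      // this is intended before relying on it.
      // Fixed: the terminating semicolon was missing on this statement.
      allow write: if request.auth != null;

      // Applies to documents in an items/{itemsID}/reviews subcollection.
      // If `reviews` is an array field on the item document (as arrayUnion()
      // produces), this block does not govern it.
      match /reviews/{review} {
        allow read: if true;
        allow write: if request.auth != null;

        // Has no effect on a `userId` field: match paths name documents,
        // not fields, and access not explicitly allowed is denied anyway.
        match /userId {
          allow read: if false;
        }
      }
    }
  }
}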
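rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Security rules allow or deny access to whole documents; they are not
    // filters. An allowed read returns every field of the document, so no
    // rule can strip `userId` out of the objects in a `reviews` array field.
    // To keep it private, store it in a document clients cannot read, or
    // serve reviews through trusted server code that omits it.
    match /items/{itemsID} {
      allow read: if true;
      // NOTE(review): any signed-in user may create, overwrite or delete any
      // item document, including other users' reviews inside it. Confirm
      // this is intended before relying on it.
      // Fixed: the terminating semicolon was missing on this statement.
      allow write: if request.auth != null;

      // Applies to documents in an items/{itemsID}/reviews subcollection.
      // If `reviews` is an array field on the item document (as arrayUnion()
      // produces), this block does not govern it.
      match /reviews/{review} {
        allow read: if true;
        allow write: if request.auth != null;

        // Has no effect on a `userId` field: match paths name documents,
        // not fields, and access not explicitly allowed is denied anyway.
        match /userId {
          allow read: if false;
        }
      }
    }
  }
}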
And my query looks like this (Typescript):
/**
 * Thunk that reads every document in the "items" collection and maps each
 * one to an `itemsType` entry.
 *
 * `reviews` is copied through exactly as stored, so whatever properties the
 * stored review objects carry (a `userId`, for instance) are present in the
 * returned data. Dropping a property here would only change what the app
 * keeps; the full document has already been delivered to the client.
 *
 * @returns The list of items built from the query snapshot.
 */
export const fetchItems = createAsyncThunk("items/fetchItems", async () => {
  const snapshot = await getDocs(collection(db, "items"));
  const itemsArray: itemsType[] = [];
  for (const itemDoc of snapshot.docs) {
    // Read the document payload once and pick the fields the UI uses.
    const data = itemDoc.data();
    itemsArray.push({
      id: itemDoc.id,
      name: data.name,
      type: data.type,
      price: data.price,
      description: data.description,
      img: data.img,
      reviews: data.reviews,
    });
  }
  return itemsArray;
});
/**
 * Thunk that reads every document in the "items" collection and maps each
 * one to an `itemsType` entry.
 *
 * `reviews` is copied through exactly as stored, so whatever properties the
 * stored review objects carry (a `userId`, for instance) are present in the
 * returned data. Dropping a property here would only change what the app
 * keeps; the full document has already been delivered to the client.
 *
 * @returns The list of items built from the query snapshot.
 */
export const fetchItems = createAsyncThunk("items/fetchItems", async () => {
  const snapshot = await getDocs(collection(db, "items"));
  const itemsArray: itemsType[] = [];
  for (const itemDoc of snapshot.docs) {
    // Read the document payload once and pick the fields the UI uses.
    const data = itemDoc.data();
    itemsArray.push({
      id: itemDoc.id,
      name: data.name,
      type: data.type,
      price: data.price,
      description: data.description,
      img: data.img,
      reviews: data.reviews,
    });
  }
  return itemsArray;
});
2 Replies
Aleksandr M.
Aleksandr M.2y ago
Still haven't figured it out... ChatGPT says that it would be better for me to create a separate collection for reviews and somehow connect it together, but I feel that there might be a more elegant solution.