Firestore security rules: Function [get] called with malformed path
Cloud Firestore Rule
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /admins/{document=**} {
allow read, write: if true;
}
match /{userId}/{document=**} {
allow read, write: if request.auth.uid == userId || get(/databases/$(database)/documents/$(userId)/users/$(request.auth.token.email)).exists;
}
}
}
Details provided in Rules Playground of Cloud Firestore
Simulation type: get
Location: /databases/(default)/documents/cTgy9W6Zt2dShSgqig2ToeYLEzt2/products
Authenticated: True
Authentication Payload
{
"uid": "dQkped8ggvUv6iHfI9kVD7Vrnlf2",
"token": {
"sub": "dQkped8ggvUv6iHfI9kVD7Vrnlf2",
"aud": "undefined",
"email": "abc@example.com",
"email_verified": false,
"firebase": {
"sign_in_provider": "password"
}
}
}
Error
Function [get] called with malformed path: /databases/(default)/documents/cTgy9W6Zt2dShSgqig2ToeYLEzt2/users/abc@example.com
You need to pass a Document path to the get() method.
As explained in the doc: "The get() and exists() functions both expect fully specified document paths."
With
/databases/$(database)/documents/$(userId)/users/$(request.auth.token.email)
you are actually passing a Collection path (3 elements).
You need to change your data model or add a document in the abc@example.com subcollection to point to.
In addition I think you're mixing up the get() and exists() functions.
The get() method returns a rules.firestore.Resource which does not have an exists property.
So doing get(**path**).exists cannot work. You should either use exists() to check if a specific document exists or use get() to check the value of a field of the specific document through the data property.
- Firebase Functions "cannot determine backend specification"
- Error "The term 'flutterfire' is not recognized as the name of a cmdlet, function, script file, or operable program"
- Firebase login throws Error: spawn cmd ENOENT in NodeJS
- Is it secure to use an .env file to store API keys in Firebase Cloud Functions instead of Google Secret Manager?
- java.lang.IllegalAccessError: superclass access check failed: class org.jetbrains.kotlin.kapt3.base.javac.KaptJavaCompiler?
- Flutter Web not building because of Firebase Analytics and Firebase Remote Config
- How to upload dsyms files which developed with Flutter?
- CORS on firebase storage
- Swift pods cannot yet be integrated as static libraries FirebaseCoreInternal-library
- web - readAsBytes throws Unsupported operation: _Namespace
- Firebase deployed react app not working. Uncaught SyntaxError: Unexpected token '<'
- Read data from Firebase created by loggedin user - Flutter
- Module '"@angular/fire/messaging"' has no exported member 'AngularFireMessaging'.ts(2305)
- firebase.auth().useEmulator() takes a non-empty string URL
- Calling for specific field inside document by using query in firestore using reactJs
- Firebase Firestore client cannot be deployed
- Firebase Function v2 Cors blocked
- Firebase Cloud Function: & Flutter: Cannot use https callable function on emulators [firebase_functions/unavailable] UNAVAILABLE
- Can't upload files to firebase cloud storage. Error: "No objects exists with the desired reference"
- Which service account is used when running Firebase Cloud Functions?
- Search by pattern on Cloud Firestore collection
- Is there a way to have a collection directly under another collection in Firestore Database?
- firebase deploy --only functions overrides existing functions
- How to Use the Vertex API With Long Text Prompts
- Can't init firebase cloud storage due to cloud resource location
- Firestore iOS: caching offline writes only
- Is there a workaround for the Firebase Query "IN" Limit to 10?
- Firestore saves data locally on device but does not push to Firebase Console
- How can i prevent from Login component render when Firebase Authentication hasn't yet determined
- Firebase Error: Auth error from APNS or Web Push Service