
How to read data from one collection for another collection in Firebase rules and Flutter


I am trying to write custom rules. I have two collections: one named (user_registration) that stores user data such as phone, email, etc., and another named SlideShow that also has many data fields. What I am trying to do is make a rule like this: if a user wants to delete data from the SlideShow collection, the Firebase rules should first check whether this user exists in the user_registration collection by the field named (Uid), and whether he has the (admin) role in the field named role.

I tried to do it like this:

match /SlideShow/{SlideShowId} {
  allow read: if true; 
  allow write, update, delete: if get(/databases/$(database)/documents/user_registration/$(request.resource.data.Uid)).data.role == 'admin';
}

And the Flutter code:

  Future deleteItem( ) async {
    try {
   
      DocumentSnapshot userDoc = await FirebaseFirestore.instance
          .collection('user_registration')
          .doc(Uid) 
          .get();

      if (userDoc['role'] == 'admin') { 
        QuerySnapshot querySnapshot = await FirebaseFirestore.instance
            .collection('SlideShow')
            .where('IDSlideShow', isEqualTo: int.parse(widget.IDSlideShow))
            .get();

        for (DocumentSnapshot docSnapshot in querySnapshot.docs) {
          await docSnapshot.reference.delete();
        }

        print('Documents deleted successfully.');
      } else {
        print('User does not have permission to delete.');
      }
    } catch (e) {
      print('Error deleting documents: $e');
    }
  }


But I get this error every time:

W/Firestore( 6815): (25.1.1) [WriteStream]: (9d81ab6) Stream closed with status: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}.
W/Firestore( 6815): (25.1.1) [Firestore]: Write failed at SlideShow/tfo1LvgdtZYOEVLawm1k: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
I/flutter ( 6815): Error deleting documents: [cloud_firestore/permission-denied] The caller does not have permission to execute the specified operation.


I did not add a Uid to SlideShow; I need the user to be able to delete any document he wants.

Does anyone have a solution to this problem?


Solution

  • The request.resource.data.Uid in your rule takes the value of the Uid field in the resource as it exists after the operation is completed (assuming it is allowed).


    Your SlideShow document doesn't have a Uid field, which is what your rule uses to determine the document to read from the user_registration collection. Since the field doesn't exist, this rule fails and the write is rejected.

    If you want to use the user_registration document for the currently signed in user, the expression for that is:

    request.auth.uid
    

    I recommend keeping the Firebase documentation on accessing authentication data in security rules handy while you're working on this.


    If you actually ever do need a field from the document in a delete rule, make sure to use the resource instead of request.resource. The latter is the document as it exists after the operation is completed (assuming it is allowed), which in the case of a delete operation means it'll be no document.
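
The rule from the question rewritten around request.auth.uid, as an added example that is not part of the original answer. It assumes user_registration documents are keyed by the Firebase Auth uid (the Flutter code reads `.doc(Uid)`); the `isAdmin()` helper and the user_registration rules are illustrative additions, included because the role field only works as an authorization check if users cannot set it on their own document.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical helper: true only for a signed-in caller whose own
    // user_registration document has role == 'admin'. The lookup key is
    // the caller's auth uid, not a field of the SlideShow document, so it
    // works for deletes, where request.resource is empty.
    function isAdmin() {
      return request.auth != null
        && get(/databases/$(database)/documents/user_registration/$(request.auth.uid)).data.role == 'admin';
    }

    match /SlideShow/{SlideShowId} {
      allow read: if true;
      // 'write' already covers create, update and delete.
      allow write: if isAdmin();
    }

    // Assumption: document id == auth uid. These rules are not from the
    // question; they keep a user from granting themselves the admin role.
    match /user_registration/{userId} {
      allow read: if request.auth != null && request.auth.uid == userId;

      // A user may create their own document, but not with role 'admin'.
      allow create: if request.auth != null
        && request.auth.uid == userId
        && request.resource.data.get('role', 'none') != 'admin';

      // A user may update their own document as long as 'role' is untouched.
      allow update: if request.auth != null
        && request.auth.uid == userId
        && !request.resource.data.diff(resource.data).affectedKeys().hasAny(['role']);
    }
  }
}
```

With these rules the client-side role check in deleteItem() is only a UI convenience; the server-side get() in isAdmin() is what enforces the permission.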