I'm building a webapp where users can create rooms and join rooms of others. My goal is for users to be able to retrieve any room they have the ID of, but only list rooms they are already a member of. (uid in room.participant_uids)
My firestore.rules so far succeed in restricting access based on participant.ids:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
match /users/{uid} {
allow read: if request.auth.uid == uid;
}
match /rooms/{id} {
allow read: if request.auth.uid in resource.data.participant_uids;
}
}
}
However I would like another rule that allows reading of a document only when retrieving a single document by id.
I can solve this with a Firebase function if it is not possible, but I'd like to do without.
You can use get to specify a rule that applies to single document access. If you want anyone (authenticated or not) to be able to get a single "rooms" document:
match /rooms/{id} {
allow get: true;
allow read: if request.auth.uid in resource.data.participant_uids;
}
You may want to require authentication or some other requirements.
See the documentation for granular access for more details.