Firebase Firestore Prevent Client Side Creation Of Fields In A Document
I am struggling to find a solution to prevent clients from just creating random fields with values in a document where they have write access to in Firestore. Since you cannot rest
Solution 1:
As said in the Firebase Firestore documentation, you actually can prevent or allow writes or reads in certain fields. This can be achieved by adding a rule similar to this:
match /collection/{doc} {
allow update: if request.resource.data.field == resource.data.field;
}
Which would basically check if that specific field will have the exact same value after the update. You can also add rules to check if the requested value is between a range or equals to (your predefined value).
allow update: if request.resource.data.field > 0 && request.resource.data.field > 100;
Solution 2:
You can inspect the keys of the request.resource and only have it pass if it doesn't contain a field that you want to keep read-only (meaning that the request isn't trying to update that field). For example:
allow update: if !request.resource.data.keys().hasAny(['my_field'])
(Thanks to James Qualls for the inspiration!)
Post a Comment for "Firebase Firestore Prevent Client Side Creation Of Fields In A Document"