dbRef = db.collection("organization").doc(organization).collection(course).doc(courseId).collection("meetings"); This query attempts to fetch all documents under meeting collection.

There is a possibility that the above query will fetch documents where designation != 'Teacher' && courseId != course;

Therefore it will fail.

From firestore rules docs

if you have this rule:

match /stories/{storyid} {
  // Only the authenticated user who authored the document can read or write
  allow read, write: if request.auth != null && request.auth.uid == resource.data.author;
}

and this request db.collection("stories").get().

The query fails even if the current user actually is the author of every story document. The reason for this behavior is that when Cloud Firestore applies your security rules, it evaluates the query against its potential result set, not against the actual properties of documents in your database. If a query could potentially include documents that violate your security rules, the query will fail.

the following query succeeds, because it includes the same constraint on the author field as the security rules:

var user = firebase.auth().currentUser;
db.collection("stories").where("author", "==", user.uid).get()

NB: playground can only test for document gets (not list collection).

Possible solution. You can write your query in such a way that it can never return the wrong document.

Something like this. When a student is enrolled to take a meeting (or course), add his uid to that meeting's document. doc = {student_ids = [uidofstudent1, uidOfStudent2, ...]}.

Then you can query like this:

db
    .collection("organization")
    .doc(organization)
    .collection(course)
    .doc(courseId)
    .collection("meetings")
    .where('student_ids', arrayContains: studentUid);

Your firestore rules can be something like this:

match /organisation/{org}/{course}/{courseId}/meetings/{meet=**} {
  allow read: if request.auth.uid in resource.data.student_ids || 
    isTeacher(request.auth.uid);
}