I have a collection in my firestore named "reports"
one of the fields in the reports map is an array of objects. These objects reference a photo in cloud storage. They look like this (url points to cloud storage):
{
id: uid value
url: some-url
}
my firebase rules are set up like this for the reports document:
match /databases/{database}/documents {
match /reports/{report} {
allow read: if request.auth != null && request.auth.uid == resource.data.userID;
allow create: if request.auth != null && request.resource.data.userID == request.auth.uid;
allow delete, update: if request.auth != null &&
request.auth.uid == resource.data.userID;
}
}
for some reason, I can delete the entire document if I want to proving that I have delete permission.....but when I attempt to delete an item from the photos array like this:
const reportRef = db.collection('reports')
reportRef.doc(activeReport.id).update({
photos: firebase.firestore.FieldValue.arrayRemove(photoToDelete)
})
I end up with an error stating:
Unhandled promise rejection: FirebaseError: Missing or insufficient permissions
Why? Haven't I given permission to update this document properly?
Go in Database -> Rules ->
For development:
Change allow read, write: if false; to true;
Note: It's a quick solution for development purposes only because it will turn off all the security. So, it's not recommended for production.
For production:
If authenticated from firebase: Change allow read, write: if false; to request.auth != null;
In this case it was a bad parameter that was passed in. I needed to pass activeReport not activeReport.id.
This is a misleading error message. I would delete this question but stackoverflow doesn't want me to because an answer has been posted here. Silly.