Company logo
  • Jobs
  • Bootcamp
  • About Us
  • For professionals
    • Home
    • Jobs
    • Courses
    • Questions
    • Teachers
    • Bootcamp
  • For business
    • Home
    • Our process
    • Plans
    • Assessments
    • Payroll
    • Blog
    • Calculator

0

59
Views
How safely show publicly UID of firestore sub-collection

I have the following firestore db structure (image 1). I want (unauthenticated) users of my web app to be able to see each plumber public profile which contains reviews (image 2) they get from the won jobs. My question is how could i safely expose UID of each user who has made one of those reviews. Hopefully my question makes sense.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}

db structure the ui i want to archive

7 months ago · Juan Pablo Isaza
1 answers
Answer question

0

If you want to allow users to read/write their own user document and allow anyone to read their reviews, try these rules:

rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      allow read, update: if request.auth.uid == userId;
      
      match /reviews/{reviewId} {
        allow read: if true;
        allow write: if request.auth.uid == resource.data.userId
      }
    }
  }
}

Here only the poster of review and write (update/delete) it and any unauthenticated users can read them. However they cannot access the User document.

You can read more about security rules in the documentation.

7 months ago · Juan Pablo Isaza Report
Answer question
Find remote jobs

Discover the new way to find a job!

Top jobs
Top job categories
Business
Post job Plans Our process Sales
Legal
Terms and conditions Privacy policy
© 2023 PeakU Inc. All Rights Reserved.