Recently, I came across some TypeScript React code that fetches a firestore collection using react-firebase-hooks. Here's the snippet:
const [membersSnapshot, loading, error] = useCollectionData(
query(
collection(db, USERS_COLLECTION).withConverter(UserConverter.prototype),
where(UserFields.FamilyId, "==", familyId)
)
);
console.assert(error === undefined, error);
Initially, everything worked fine without any rules in place.
However, when I added a specific rule to the code, things started to go wrong. Here is the excerpt of the rule implementation:
function getUser() {
return getUserData(request.auth.uid);
}
function getUserData(userId) {
return get(/databases/$(database)/documents/users/$(userId)).data;
}
function isSignedIn() {
return request.auth != null;
}
function inSameFamily(userId) {
return getUser().familyId == getUserData(userId).familyId;
}
match /users/{userId} {
allow read: if isSignedIn() && request.auth.uid == userId || isSignedIn() && inSameFamily(userId);
}
After implementing this rule, an assertion failed with the message "FirebaseError: Missing or insufficient permissions." This issue has left me puzzled and unsure of the root cause.
In an attempt to fix the problem, I modified the where condition as follows:
where(UserFields.Email, "==", userEmail)
Despite these changes, the expected outcome did not materialize, leading to failure even when trying to access the user data directly.