Firebase rules - Simulator says yes, code says no























I'm working on a Flutter app using Firebase as a backend. I've set up group-based roles in Firebase, and the rules simulator in Firebase tells me the user I'm testing has access to the document. When I do a query in my Flutter code, I can see it finds the document and I can see it for a split second before it changes its mind and I get a "Listen for query at students failed: Missing or insufficient permissions." and the document is removed from the snapshot.



The query I use in the Flutter code is as follows:



    Firestore.instance.collection('students').where('test', arrayContains: userID).orderBy('name').snapshots()


I have been playing with the document and tried different approaches for the current user to query for the document, and just to test it out I created an array with the userId and looked for that.



If I completely skip the rules and just put the "need to be logged in" as requirement then I get a document back but as soon as I use the role based one then it's back to the drawing board. The rules I've set up are:



    service cloud.firestore {
      match /databases/{database}/documents {
        match /students/{student} {
          function isSignedIn() {
            return request.auth != null;
          }
          function getRole(rsc) {
            return rsc.data.roles[request.auth.uid];
          }
          function isOneOfRoles(rsc, array) {
            return isSignedIn() && (getRole(rsc) in array);
          }
          allow read, write: if isOneOfRoles(resource, ['teacher', 'student', 'parent']);
        }
      }
    }


Any idea what's causing this?










Tags: firebase flutter google-cloud-firestore firebase-security-rules

edited Nov 12 at 21:39 by Doug Stevenson

asked Nov 12 at 21:28 by Joe




























