Firestore Security Rules Help


I have been following the todo list app tutorial on AppGyver. Everything worked until I tried to make the Firestore security rules only allow the person logged in to see their own to-do lists. Please help me find what is wrong with the code.

Please share the link to the todo list app tutorial on AppGyver; I am not able to find it.

@Emmanuel_Chigwedere, is what you are seeing similar to the struggle we are discussing in this post as well: "Firestore; security rules : if request.auth != null;" (#8 by stayfoolish)?

It's the example used in this tutorial about the Firebase connector.

It's similar to it, but not exactly the same. I simply want to restrict a user to see only their items in my app. Currently what is working is it shows everything to everyone logged in.

Hi, you could do the following.

Add a new field called userId to the todos collection’s documents:

Then populate the userId with the uid value such as below:


Add a filter condition for the data variable


currentUserID is an App variable that has the uid of the logged in user.

All the best

Thanks for sharing this approach and introducing the ‘filter condition’ for the Data Variables!

While it looks well to the user, we should still keep in mind that with this set-up the user data might not be protected against abuse. This is because a hacker can modify the request and the Firebase security rules will continue to give access to all data :thinking:

1 Like
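The last reply's point, enforced on the server side: an added example (not posted by any participant in this thread) of Firestore security rules that tie each document in the `todos` collection to its owner through the `userId` field suggested above. The wildcard name `todoId` and the helper `isOwner` are hypothetical names chosen for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical helper: true only when the caller is signed in and the
    // given document data carries the caller's uid in its userId field.
    function isOwner(data) {
      return request.auth != null && data.userId == request.auth.uid;
    }

    match /todos/{todoId} {
      // Covers both single-document gets and list queries.
      allow read: if isOwner(resource.data);

      // A new todo must be stamped with the creator's own uid.
      allow create: if isOwner(request.resource.data);

      // The owner may edit, but may not reassign the todo to another uid.
      allow update: if isOwner(resource.data)
                    && request.resource.data.userId == resource.data.userId;

      allow delete: if isOwner(resource.data);
    }
  }
}
```

Security rules are not filters: a list query that is not itself constrained to `userId == <signed-in uid>` is rejected as a whole, so the data-variable filter condition described above is still needed alongside these rules. Existing documents without a `userId` field become unreadable under these rules until the field is populated.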