Firestore Rules for Admin

Database & APIs

Hello and have a nice day!
I apologize in advance if I’m posting this in the wrong section.

I’m trying to solve an issue with Firebase security rules for admin access. My goal is to allow an admin user to edit other users' data in the Firestore database.

When a new user registers, they automatically get the "client" role. I want admins to be able to change this role to "employer", but I keep getting a "Missing or insufficient permissions" error.

I’ve tried using ChatGPT, Gemini, and other tools, but I still haven’t been able to make it work.

Any help or advice would be greatly appreciated!

Thank you.

What have you tried so far?

// pomocná funkcia

function isAdmin() {

return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "admin";

}

// pravidlá pre kolekciu používateľov

match /users/{uid} {

// každý si môže čítať len svoj vlastný dokument

allow read, update: if request.auth != null && request.auth.uid == uid;

// admin môže čítať/meniť hocikoho

allow read, write: if isAdmin();

// nikto si nemôže meniť rolu

allow update: if !( "role" in request.resource.data );

}

Did you check FlutterFlow's Documentation for this topic?

4 replies