I have a collection called "connections" and a subcollection called "messages". The connections document contains a list field called "authorized_uids" and messages needs to filter access to these documents based on that field.
When I tag users on the connections collection there is no problem, but tagging users on the messages subcollection turns my auth uid into a user reference, which is not correct and will not work.
match /connections/{document} {
  allow create: if false;
  allow read: if request.auth.uid in resource.data.authorized_uids;
  allow write: if request.auth.uid in resource.data.authorized_uids;
  allow delete: if false;
}
match /connections/{parent}/messages/{document} {
  allow create: if /databases/$(database)/documents/users/$(request.auth.uid) in get(/databases/$(database)/documents/connections/$(parent)).data.authorized_uids;
  allow read: if /databases/$(database)/documents/users/$(request.auth.uid) in get(/databases/$(database)/documents/connections/$(parent)).data.authorized_uids;
  allow write: if /databases/$(database)/documents/users/$(request.auth.uid) in get(/databases/$(database)/documents/connections/$(parent)).data.authorized_uids;
  allow delete: if false;
}
I think it's clear that should be:
match /connections/{document} {
  allow create: if false;
  allow read: if request.auth.uid in resource.data.authorized_uids;
  allow write: if request.auth.uid in resource.data.authorized_uids;
  allow delete: if false;
}
match /connections/{parent}/messages/{document} {
  allow create: if request.auth.uid in get(/databases/$(database)/documents/connections/$(parent)).data.authorized_uids;
  allow read: if request.auth.uid in get(/databases/$(database)/documents/connections/$(parent)).data.authorized_uids;
  allow write: if request.auth.uid in get(/databases/$(database)/documents/connections/$(parent)).data.authorized_uids;
  allow delete: if false;
}
By the way...
Doesn't this mean that when I load a "connection" and then query the subcollection (infinite scroll), every single "messages" document will have to re-query the same parent over and over again? I thought the benefit of the subcollection would be that I already have access to the parent. That's all I need: I have access, so don't double-check every document.
Right?
People are saying there's no benefit to using subcollections at all. Is this a FlutterFlow limitation or is it foundational to the way Firebase works?
I know I can overcome all of this by saying "No one" can do anything on these documents, then implementing my own custom functions and interacting with these documents on the backend, which is what I plan to do.
However, I am concerned about the read operation specifically, since I need real-time updates from Firebase in FlutterFlow. I don't believe I can use those from within a custom function. Thank you for your help!
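An added example, not part of the original post and not FlutterFlow's generated output: the intended rules with the parent lookup moved into one helper function and the UID compared as a plain string. The helper name `isAuthorized` and the wildcard names are assumptions. It also names each operation explicitly, because `write` covers create, update and delete and any matching `allow` grants access, so `allow delete: if false` next to `allow write` does not block deletes.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical helper: true when the caller's UID (a string) is listed
    // in authorized_uids on the parent connection document.
    function isAuthorized(connectionId) {
      return request.auth != null
        && request.auth.uid in
           get(/databases/$(database)/documents/connections/$(connectionId)).data.authorized_uids;
    }

    match /connections/{connectionId} {
      // "resource" is the existing document, so no get() is needed here.
      // Note: as in the post, any listed user may update the document,
      // including the authorized_uids list itself.
      allow read, update: if request.auth != null
        && request.auth.uid in resource.data.authorized_uids;

      // Denied because no rule grants them; stated for readability.
      allow create, delete: if false;

      match /messages/{messageId} {
        // The comparison is string-in-list-of-strings. A document path such as
        // /databases/.../users/<uid> never equals a UID string, which is why
        // the generated rule in the post cannot match.
        allow read, create, update: if isAuthorized(connectionId);
        allow delete: if false;
      }
    }
  }
}
```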