Hello all!
I am building an POS-system and I am having trouble with firestore rules. when I try to test my app it gives me notifications on all my querys saying its missing or has insufficient permissions. What I am trying to achieve is that the users can only see/create/write/delete their own documents. Every collection has its own field referring to the users collection ID and when a document is created the ID is linked to it.
So i am myself confused to where its going wrong. i'll display what the rules are now and what Chatgpt has told would work (which it does not obviously):
My flutterflow version using Tagged users -> users Doc Reference:
match /products/{parent}/Extras/{document} {
allow create: if request.resource.data.UserID == /databases/$(database)/documents/Users/$(request.auth.uid);
allow read: if resource.data.UserID == /databases/$(database)/documents/Users/$(request.auth.uid);
allow write: if resource.data.UserID == /databases/$(database)/documents/Users/$(request.auth.uid);
allow delete: if resource.data.UserID == /databases/$(database)/documents/Users/$(request.auth.uid);
}
what the ai suggested:
request.resource.data.UserID == request.auth.uid
I am searching for help to what i need to set my rules to so that it is not missing permission.
Open to all suggestions!
thank you