0

I am building a Flutter mobile app using Firebase backend. I have four collections: institutions, resources, resourceTypes, users.

I want the institution's collection to be accessible by any user (authenticated/unauthenticated). Because this collection data needs to show the user before signup to take input from the user. Rest collections will be only accessible by authenticated users. Data is fetching and showing unauthenticated users before signup but I am getting the given error:

[ERROR:flutter/runtime/dart_vm_initializer.cc(41)] Unhandled Exception: PlatformException(firebase_firestore, com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions., {code: permission-denied, message: The caller does not have permission to execute the specified operation.}, null)

Below are the function to fetch institution collection data -

 late bool isInstitutionsLoading = false;
  late List<Institution> institutions = [];

  Future<void> fetchInstitutions(BuildContext context) async {
    try {
      isInstitutionsLoading = true;
      notifyListeners();

      final snap =
          await database.collection('institutions').orderBy('name').get();

      institutions =
          snap.docs.map((d) => Institution.fromFirestore(d)).toList();

      notifyListeners();
    } catch (e, st) {
      CustomSnack.warningSnack(e.toString(), context);
    } finally {
      isInstitutionsLoading = false;
      notifyListeners();
    }
  }

Below are my rules:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    
    match /institutions/{docId} {
      allow get, list: if true; 
      allow create: if request.auth != null;
      allow update, delete: if request.auth != null &&
                             request.auth.uid == resource.data.userId;
    }

    
    match /users/{docId} {
      allow read: if request.auth != null;
      allow create: if request.auth != null;
      allow update, delete: if request.auth != null &&
                             request.auth.uid == resource.data.userId;
    }

   
    match /resources/{docId} {
      allow read: if request.auth != null;
      allow create: if request.auth != null;
      allow update, delete: if request.auth != null &&
                             request.auth.uid == resource.data.userId;
    }

    
    match /resourceTypes/{docId} {
      allow read: if request.auth != null;
      allow create: if request.auth != null;
      allow update, delete: if request.auth != null &&
                             request.auth.uid == resource.data.userId;
    }
  }
}
Improve this question
4
  • 1
    What is the exact operation that you perform in Firebase that throws that error? Show us the code. The rules alone don't help. Commented Sep 10 at 18:00
  • 1
    Security rules by themselves don't do anything. They are only meaningful when paired with a specific query that they should allow or deny. Some of your rules also depend on document data - without seeing the matching document data, we still might not be able to know what these rules do for your case. Please edit the question to show the code of the query and any relevant documents, and explain what it does that's different than what you expect. Commented Sep 10 at 19:41
  • @AlexMamo I've edited my question, added the function I am calling. Please lemme know, do you need anything else for better understanding? Commented Sep 12 at 18:31
  • Please also provide the content of your documents, as Doug Stevenson also asked in his comment. Commented Sep 13 at 4:04
Related questions
452
What's the difference between Cloud Firestore and the Firebase Realtime Database?
1
Firebase: Allow Read or Write access to different collections
1
How can I make firebase rules that allow auth users to read all documents but only create their own user document not giving themselves admin rights?
Load 3 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.