so i've built a frontend and now i'm working on a backend that has security rules based on custom claims. I'm getting an error that i can't understand. I've run the callable functions and logged out and back in but i still get an error message when i try to change document details. I'm trying to edit a document in firestore, a document belonging to the user. So its either the user makes a change or an admin can make a change.
edit submission:
// Writes the edited labels to the image document at images/<imageID>.
// Whether the write is allowed is decided server-side by the Firestore
// security rules; a rejected write (e.g. PERMISSION_DENIED) ends up in the
// catch branch, where the message is logged and a generic toast is shown.
const onSubmit = async () => {
  const imageDocRef = doc(db, `images/${imageID}`);
  try {
    await updateDoc(imageDocRef, { aLabels });
  } catch (err) {
    console.log(err.message);
    toast.error("Something went wrong");
  }
};
adminClaims.js
const functions = require("firebase-functions");
const admin = require("firebase-admin");
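/**
 * HTTPS function that grants the `admin` custom claim to a fixed list of UIDs.
 *
 * The claim is written as a top-level key (`{ admin: true }`), so security
 * rules see it as `request.auth.token.admin`. A custom claim only appears in
 * ID tokens issued after it was set, so an affected user needs a fresh token
 * (sign out and in, or force a token refresh) before rules can see it.
 *
 * NOTE(review): no caller check is visible in this handler. The UID list is
 * hard-coded, so a caller cannot choose who is promoted, but consider
 * restricting who may invoke the endpoint or removing it once the claims are
 * in place.
 *
 * Responds with "Done configuring rules" on success, or HTTP 500 if any claim
 * update fails.
 */
exports.setAdminClaims = functions.https.onRequest(async (req, res) => {
  const adminUIDs = ["pyqPlr3BT7LwzxBerxi1seqDrv6x"];

  try {
    await Promise.all(
      adminUIDs.map((uid) =>
        admin.auth().setCustomUserClaims(uid, { admin: true })
      )
    );
  } catch (error) {
    // Without this branch a rejected setCustomUserClaims call would leave the
    // request without any response.
    console.error("setAdminClaims failed:", error);
    res.status(500).send("Failed to configure admin claims");
    return;
  }

  res.send("Done configuring rules");
});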
firestore security rules
// Firestore security rules: deny everything by default, then define access
// for documents under /images/{image}.
// NOTE(review): the listing as pasted ends one closing brace short (the
// `service` block is never closed).
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// Catch-all deny. Overlapping matches are OR'ed, so the /images rules below
// can still grant access; this rule only shows up as "false ... @ L5" in the
// error message.
match /{document=**} {
allow read, write: if false; //line 5
}
match /images/{image} {
// Every image document is readable by anyone, signed in or not.
allow read: if true;
// Any signed-in user may create a document.
// NOTE(review): nothing visible here ties the new document's `user` field to
// the caller's uid — confirm whether that should be enforced on create.
allow create: if isLoggedIn() //line 16
// `&&` binds tighter than `||`, so this reads
// (isLoggedIn() && isOwner()) || isAdmin().
// isAdmin() is therefore evaluated whenever the owner check does not pass.
allow update, delete: if isLoggedIn() && isOwner() || isAdmin()
}
// True when the request carries a uid.
// NOTE(review): this reads `.uid` without first checking `request.auth`,
// which is null for unauthenticated requests; the usual form is
// `request.auth != null` — confirm.
function isLoggedIn() {
return request.auth.uid != null;
}
// True when the caller's uid equals the `user` field stored on the existing
// document (`resource.data`, i.e. the document before the write).
function isOwner() {
return request.auth.uid == resource.data.user
}
// Admin check based on a custom claim in the caller's ID token.
// NOTE(review): this reads `token.role.admin`, but adminClaims.js sets the
// claim as top-level `{ admin: true }`, so there is no `role` object on the
// token. That matches the "Property role is undefined on object" evaluation
// error quoted below; the claim as set would be at `request.auth.token.admin`.
function isAdmin() {
return request.auth.token.role.admin == true
}
}
Error message
PERMISSION_DENIED: false for 'update' @ L5, evaluation error at L16:32 for 'update' @ L16, false for 'update' @ L5, Property role is undefined on object. for 'update' @ L16
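The error is pretty explicit: your token doesn't have a `role` property, so your `isAdmin` function fails.
From how you're setting the custom claim (`{ admin: true }`, a top-level key on the token), the function in the rules should be:
function isAdmin() {
return request.auth.token.admin == true;
}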