What is the best way to display the UID of a Firestore sub-collection publicly while

I have a Firestore database structure set up as shown in image 1. I am looking to allow unauthenticated users of my web application to view the public profiles of plumbers, along with the reviews (image 2) they receive from completed jobs. My main query is regarding how I can securely expose the UID of each user who has posted one of these reviews. I hope that clarifies my question.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}

the UI design I am aiming for

javascriptgoogle-cloud-firestorefirebase-security

Answer №1

For those seeking to allow users to both read and write their own user document, while permitting anyone to read their reviews, consider implementing the following rules:

rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      allow read, update: if request.auth.uid == userId;
      
      match /reviews/{reviewId} {
        allow read: if true;
        allow write: if request.auth.uid == resource.data.userId
      }
    }
  }
}

This setup allows only the review poster to write (update/delete) it, with all unauthenticated users allowed to read them. Note that unauthorized access to the User document is restricted.

More information on security rules can be found in the documentation.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

The UseEffect function ceases to function properly upon refreshing the website

I'm currently using ReactJS for a project. I have a form that is intended to serve as the configuration for another form. The structure of this specific form is as follows: const [startingDate, setStartingDate] = useState(); const [endingDate, set ...

javascriptreactjsuse-effect

Upload of file successfully completed even though limit was set; input remains unchanged

I seem to be facing an issue where even after confirming with the ok in the window.alert message, the file name still appears next to Choose File. It seems like the file is still being uploaded to the input. How can I prevent this from happening? <inp ...

javascripthtmlreactjs

Exploring FileReader and DOMParser for AngularJS applications

I have a user uploaded file using AngularJS and would like to manipulate the file contents using XML. Unfortunately, I am facing an issue with the DOMParser recognizing the text file. index.html <div ng-controller = "myCtrl"> <input type ...

javascriptangularjsfilereaderdomparser

Displaying a collection of objects in HTML by iterating through an array

As someone new to coding, I am eager to tackle the following challenge: I have designed 3 distinct classes. The primary class is the Place class, followed by a restaurant class and an events class. Both the restaurant class and events class inherit core p ...

javascriptarraystypescriptloops

Displaying the content of the log file within a textarea

Currently, I am working on a project that involves displaying log file contents in a text area. To achieve this, I am utilizing XML HTTP request to read the file content through a Web API. The Web API function reads the file contents as a stream and retu ...

javascriptjqueryxmlhttprequest

How can we determine the total number of mandatory fields in an AngularJS form?

Can you explain how to calculate the number of required fields in a form using AngularJS? In my form, there are two required fields (email and select view). I want to display the count on my page - showing 2 if email is filled, 1 if only email is filled, a ...

javascriptangularjsangularjs-directiveangularjs-scopeangular-ui-router

Issue with executing a jQuery event within a JavaScript object due to application error

I am struggling to comprehend how to set listeners in my JavaScript object. For instance: var obj = function(){ this.test = function(){ console.log('test'); } $(document).on('click','#test',(function(){ ...

javascriptjqueryeventsobject

Dynamically including and deleting classes upon clicking using React

Looking for a solution to handle a list of links. The goal is to add a class called "is-active" when a link is clicked, while also removing any existing "is-active" classes from other links. Only one link should have the "is-active" class at a time. This ...

javascriptreactjsbuttonclassname

Selenide is failing to remove elements with the displayed property set to false

On my automation tests, I am struggling to click a radio button. Even though the radio buttons are visible on the page, the unselected ones have the property displayed:false. Selenide seems unable to click if an html object has the displayed:false property ...

javascriptjavaseleniumselenide

Is there a way to determine whether a number is lesser, greater, or falls within a specific range of values

Is there a more concise and readable way to write a function that checks if a given number is smaller, larger, or between two other numbers? The function should return NaN if any of the input parameters are not numbers. function order(num, a, b) { if ...

javascript

Utilizing Vue's Getter and Setter to manipulate data within the frontend, rather than relying on the raw values

I am completely new to Vue and finding it difficult to understand why I am facing this issue. Whenever I make a call to my backend in order to fetch some data, the response looks like this: id: Getter & Setter name: Getter & Setter season: Getter ...

javascriptvue.js

What is the process for displaying all items within an object in Ionic 3?

Perhaps my question is not very clear, but what I am attempting to do is when the Feed item in the categories screen is clicked, all companies related to Feeding will be listed on the companies screen. I am quite confused because each category may have mu ...

javascriptangulartypescriptionic-framework

Tips for preserving login status even after the browser is shut down with the help of JavaScript

I need help with maintaining a user session in my chat application even when the browser is closed. After users log in for the first time, I want their credentials to be remembered by the browser (I'm currently using local storage). How can I ensure ...

javascripthtml

Execute two tasks simultaneously in two separate workers utilizing the cluster module in node.js

I'm currently diving into clustering with NodeJS. My goal is to have two separate tasks - one handling node-sass and the other managing uglifyjs - each running on a distinct worker using cluster in NodeJS. The code I've implemented seems to be fu ...

javascriptnode.jschild-processnode-sassnode-cluster

Guide on creating a sitemap using Express.js

I've been working with the sitemap.js package from https://www.npmjs.org/package/sitemap While I can add URLs to the sitemap manually, my challenge lies in adding URLs based on data retrieved from MongoDB. Since fetching data from MongoDB is asynchro ...

javascriptmongodbexpresssitemap

Issue with displaying Youtube search API results on EJS template file

I'm currently trying to integrate the YouTube Search API into my website. However, when I make the API call from my route, the results are returned but the page is rendered before the results finish processing - likely due to the asynchronous behavior ...

javascriptnode.jsexpressyoutube-data-api

Exploring the foundations of web development with html and stylus

If you have experience with the roots platform, you are familiar with its default stack including jade, stylus, and coffee script. The documentation provides some information on using HTML, CSS, and pure JavaScript instead of the compiled languages, but d ...

javascripthtmlworkflowstylusroots-toolkit

There are no documents found with the specified UUID in MongoDB

I have been attempting to retrieve a specific document from MongoDB that includes the field "ownerId" containing a binary UUID. In the Mongo console, when I run the command db.dataset.find({ownerId: BinData(3,"ZQ6EAOKbQdSnFkRmVUUAAA==")}).pretty() The ou ...

javascriptnode.jsmongodbmongoskin

pattern validation using a regular expression

I am just starting to learn about regular expressions. In my current project, I am allowing users to input amounts in both shorthand and full digit formats using a material UI TextField component. Here are some examples of the input formats: 400k - short ...

javascriptregexreactjsvalidationmaterial-ui

What is preventing me from utilizing my JavaScript constructor function externally?

I have a question about how I create my object: var myViewModel = new MyViewModel("other"); Why am I unable to call myViewModel.setHasOne(value) from outside the viewmodel? Whenever I try, I encounter this error message: Uncaught TypeError: Cannot ca ...

javascript