'Firestore rules: Property is undefined on object. for 'list' @ L6

I am having an issue where I am trying to query a subquery by a field, and I have tried the emulator as well as firebase support (still on going, but not solutions yet).

When running the following query:

const queryByNumber = query(
  collectionGroup(this.firestore, 'residents'), 
  where('cellNumber', '==', number)
);
return from(getDocs(queryByNumber));

This query has the error of:

Property cellNumber is undefined on object. for 'list' @ L6

This is what the rules look like at the moment

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{path=**}/residents/{residentDoc} {
        allow write: if resource.data.cellNumber == request.auth.token.phone_number;
        allow read: if request.auth.token.phone_number == resource.data.cellNumber;
        //allow read; //temp permission till support fix
      }
      match /Units/{unitNumber} {
        allow read: if request.auth != null;
        function residentDoc(residentId) {
            return get(/databases/$(database)/documents/Units/$(unitNumber)/residents/$(residentId))
        }
        
        match /pets/{petId} {
          allow write: if residentDoc(request.resource.data.residentId).data.cellNumber == request.auth.token.phone_number;
          allow read: if request.auth != null;
        }
      }
    }
}

And this is the firestore data structure at the moment:

firestore data structure

I have tried to change my query to have the array-contains in the where clause, but that doesn't change much.

Note: the allow read without the if check allows the data to be retrieved, so the query does work, just the rules to secure it are not`

javascriptgoogle-cloud-firestorefirebase-securityangularfire


Solution 1:[1]

The problem is in this condition in your rules:

request.auth.token.phone_number in resource.data.cellNumber

The in operation in Firestore security rules is only defined for maps and lists/arrays, but your cellNumber field is a simple string value, which does not define an in operation as you can see here.

If you want to check whether the phone number in the token is the same as the value of the field, use == instead of in. If you want to test whether it is in the field, consider using the matches method on the string.

Also see:

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Frank van Puffelen

Related Questions

React Router with optional path parameter

How to dynamically update google recaptcha sitekey?

How to dynamically update google recaptcha sitekey?

Remove duplicate in a string - javascript

Remove duplicate in a string - javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Find an element in DOM based on an attribute value

Redirecting html page with javascript

Find an element in DOM based on an attribute value

Find an element in DOM based on an attribute value

Redirecting html page with javascript

How to find x and y coordinates of a button while using keyboard navigation?

How to find x and y coordinates of a button while using keyboard navigation?