Closed bynikoala closed 3 years ago
Thanks for the compliments! You could probably do it that way if you want. Basically I followed the recommendations from this article https://medium.com/firebase-developers/patterns-for-security-with-firebase-group-based-permissions-for-cloud-firestore-72859cdec8f6
Hey Jeff,
First things first: This Project is extremely helpful and saves a lot of time - thank you for that!
I wanted to ask, why it is needed to save the admin role in a separate collection, since you can restrict access to specific fields of a document e.g.:
allow update: if (!request.resource.data.diff(resource.data).affectedKeys() .hasAny(['role', 'other_field']));
I'm not an expert so correct me If a am worng but I think this would reduce load/traffic and save miniscule time.