Test a firestore rule like "allow list"

firebase / quickstart-testing

Samples demonstrating how to test your Firebase app

Apache License 2.0

333 stars 92 forks source link

Open gjanvier opened 2 years ago

gjanvier commented 2 years ago

In unit-test-security-rules-v9, show should I test an allow list rule, like in this example of firestore rules:

    match /users/{userId}/{allPaths=**} {
        allow list: if request.auth.token.isAdmin;
    }

In my use-case, I want to allow users to get their own info but only admins can list everybody.

Thanks

ghost commented 1 year ago

For your case will be:

1) const adminDb = testEnv.authenticatedContext('admin', { "isAdmin": true }).firestore()

2) await assertSucceeds(adminDb.collection('users').get())

.get() on specific collection need at least list rule, see https://fireship.io/snippets/firestore-rules-recipes/