Given the following simplified Firebase Firestore database structure:
users
user1
email: "test1@test.com"
user2
email: "test2@test.com"
I want to be able to query if a user with a specific email exists in the database WITHOUT giving access to the whole users collection
Is it possible to achieve this using the database rules without modifying the database structure?
If it's not possible, what would be the best workaround for this?
I see two possible solutions, but it seems to me that they add too much complexity:
- Expose that specific query via an API endpoint (maybe using Firebase Functions)
- Modify the DB structure as suggested in this thread: Firestore security rules based on request query value
Which approach do you think is better?
from Firestore security rules to allow access only to specific queries and not the whole collection
No comments:
Post a Comment