Allow update on single field in firestore
Map diffs in the Rules language were introduced to solve this:
function isUpdateToOpenField() {
return request.resource.data.diff(resource.data).affectedKeys().hasOnly(['open']);
}
allow update: if isUpdateToOpenField();
Update: Instead of writeFields
, you can now use Map.diff()
Check out the writeFields
variable for security rules:
allow update: if ((request.writeFields.size() == 1) && ('open' in request.writeFields));
Since writeFields is deprecated and should not be used, you will have to examine request.resource.data
. However, it always contains all of the fields of the written document (it's final state). This means that you will have to compare all of the fields of the written document to the fields of the original document in resource.data
in order to make sure that only the ones that changed are the ones that you allow to be changed.
Currently this requires an explicit check for every field that could possibly be written, which is not fun to implement. The Firebase team is looking into ways of making this sort of rule easier to express by allowing you to diff the data maps of the "before" and "after" documents.