firestore: PERMISSION_DENIED: Missing or insufficient permissions
Go in Database -> Rules ->
For development:
Change allow read, write: if false; to true;
Note: It's quick solution for development purpose only because it will turns off all the security. So, it's not recommended for production.
For production:
If authenticated from firebase: Change allow read, write: if false; to request.auth != null;
Go to Database -> Rules :
Then changed below rules
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
}
}
to below
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
So in my case I had the following DB rules:
service cloud.firestore {
match /databases/{database}/documents {
match /stories/{story} {
function isSignedIn() {
return request.auth.uid != null;
}
allow read, write: if isSignedIn() && request.auth.uid == resource.data.uid
}
}
}
As you can see there is a uid field on the story document to mark the owner.
Then in my code I was querying all the stories (Flutter):
Firestore.instance
.collection('stories')
.snapshots()
And it failed because I have already added some stories via different users. To fix it you need to add condition to the query:
Firestore.instance
.collection('stories')
.where('uid', isEqualTo: user.uid)
.snapshots()
More details here: https://firebase.google.com/docs/firestore/security/rules-query
EDIT: from the link
Rules are not filters When writing queries to retrieve documents, keep in mind that security rules are not filters—queries are all or nothing. To save you time and resources, Cloud Firestore evaluates a query against its potential result set instead of the actual field values for all of your documents. If a query could potentially return documents that the client does not have permission to read, the entire request fails.