A Useful Custom Function to Debug Firestore Security Rules

pizzacat83 — Sat, 21 May 2022 11:57:52 +0000

Firestore security rules provide a function debug, which logs the given value to firestore-debug.log (only when using the Firestore Emulator; it's no-op in production). But it just prints the value, with no information on its context. When your security rule doesn't work as expected, you might wrap every suspicious expression with debug and then struggle to figure out the correspondence between each log entires and the plenty calls to debug.

What if there's a function to log custom messages that explain why the request is denied? Like:


allow get: if
  // logs "not admin" if the user's role is not admin
  assert(request.auth.role == "admin", "not admin") &&
  // logs "email is not verified" if email_verified is false
  assert(request.auth.email_verified, "email is not verified");

Actually, you can implement this assert function! The definition is:

function assert(condition, message) {
  return condition || debug(message) && false;
}

When condition is truthy, it just returns condition. Otherwise, it logs message to firestore-debug.log and returns false.

I hope this function helps you debug your security rules!

DEV Community: pizzacat83

A Useful Custom Function to Debug Firestore Security Rules