Hi,
I have a Users collection for user authentication and to store an object called “collection”, document structure below:
{
“ref”: Ref(Collection(“Users”), “303368775189660174”),
“ts”: 1626101824550000,
“data”: {
“email”: “test@email.com”,
“collection”: {
“123345”: 123345,
“165634”: 165634,
“1722381”: 1722381
}
}
}
I Login user and use the (ret) => ret.secret of the authenticated user to create a new client using the user’s secret and am able to retrieve the collection object fine but am having issues running the following:
query(
q.Update(
q.Select(
“ref”,
q.Get(q.Match(q.Index(“users_by_email”), “test@email.com”))
),
{
data: {
collection: {“123”: 123},
},
}
)
to update the user’s document (only access to their own document) using the following Write permission:
Lambda(
[“oldData”, “newData”],
And(
Equals(Identity(), Select([“data”, “email”], Var(“oldData”))),
Equals(
Select([“data”, “email”], Var(“oldData”)),
Select([“data”, “email”], Var(“newData”))
)
)
)
My understanding is that they should be able to update collections object and not able to edit the email object but I still receive:
PermissionDenied {name: “PermissionDenied”, message: “permission denied”, description: “Insufficient privileges to perform the action.”, requestResult: RequestResult}