Data model: We have a collection users. Every user has a subcollection posts, and every post has a subcollection comments. The key is that every post has a field viewers, which is an array of user ids that CAN view the post. So the path of a comment is:
users/{userid}/posts/{postid}/comments/{commentid}
The rules are:
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // A user document: writable by its owner, readable by any signed-in user.
    match /users/{userId} {
      allow write: if request.auth != null && request.auth.uid == userId;
      allow read: if request.auth != null
    }
    // A post: accessible to its owner and to the users listed in viewers.
    match /users/{userId}/posts/{postId} {
      allow read, write: if request.auth != null && ((request.auth.uid == userId) || (request.auth.uid in resource.data.viewers))
      allow update: if request.auth != null && ((request.auth.uid == userId) || (request.auth.uid in resource.data.viewers))
    }
    // A comment: created by viewers of the parent post, read by the post owner or the comment author.
    match /users/{userId}/posts/{postId}/comments/{commentId} {
      // get() takes the full document path, with the wildcards interpolated via $(...).
      allow create, write: if request.auth != null && request.auth.uid in get(/databases/$(database)/documents/users/$(userId)/posts/$(postId)).data.viewers
      allow read: if request.auth != null && (request.auth.uid == userId || request.auth.uid == resource.data.uid)
    }
  }
}
In the rules playground, when I check a get on a specific path like /users/userId1/posts/postId, and in this post doc the array viewers has the id userId2, it works fine (true). But in the app, userId2 can't view others' posts, with the error:
failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
Query in app:
db.collectionGroup("posts")
    .whereArrayContains("viewers", user.getUid())
    .whereEqualTo("visible", "visible")
    .get()
Any ideas why that might happen?
https://stackoverflow.com/questions/66960258/firestore-why-get-runs-in-playground-but-not-in-app-as-a-query April 06, 2021 at 05:53AM
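An added example, not part of the original question: a collection group query such as db.collectionGroup("posts") is authorized only by a rule written for the collection group with the version 2 recursive wildcard, while a match on /users/{userId}/posts/{postId} covers requests addressed to that nested path, such as the single-document get tested in the playground. The sketch assumes the question's data model (a viewers array on every post); the wildcard name path is chosen here, and the question's write rules are left out.

```firestore
rules_version = '2';  // the {path=**} collection group match requires version 2
service cloud.firestore {
  match /databases/{database}/documents {

    // Path-scoped rule: evaluated for requests addressed to
    // users/{userId}/posts/{postId}, e.g. a get on one document.
    // userId is bound here, so the owner check is possible.
    match /users/{userId}/posts/{postId} {
      allow read: if request.auth != null
                  && (request.auth.uid == userId
                      || request.auth.uid in resource.data.viewers);
    }

    // Collection group rule: evaluated for collectionGroup("posts") queries.
    // It matches EVERY collection named "posts" at any depth, so there is no
    // userId to compare against and the condition must be safe for all of them.
    match /{path=**}/posts/{postId} {
      // Rules are not filters: the query itself must guarantee this condition
      // for every document it could return. A query constrained with
      // whereArrayContains("viewers", <caller uid>) does so; an unconstrained
      // collectionGroup("posts").get() is still denied.
      allow read: if request.auth != null
                  && request.auth.uid in resource.data.viewers;
    }
  }
}
```

Access is granted when any matching allow statement passes, so the owner keeps read access to their own posts through the path-scoped rule even though the collection group rule only checks viewers.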