Firebase storage security rules accessing Firestore - Invalid function name: get

Firebase storage security rules accessing Firestore - Invalid function name: get

I'm writing Firebase Storage security rules to ensure that only the user who created a specific order can access the associated files. However, when I deploy the rules using firebase deploy --only storage, I encounter the following error:

Invalid function name: get.

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    
    match /orders/{orderId}/{folder}/{fileName} {
      function isUserAssociatedWithOrder() {
        return request.auth != null &&
          get(/databases/(default)/documents/ordersPublic/$(orderId)).data.customerUid == request.auth.uid
      }

      // Read and upload only if user is part of the order
      allow read, write: if isUserAssociatedWithOrder(orderId);

      // Explicitly disallow update/delete
      allow update, delete: if false;
    }
  }
}

I've followed the answer on this question by placing the function that uses get() within the match block, but the error still persists. I haven't seen this exact error anywhere else here, so I thought I would ask.

How do I fix this error?

Answer

Since your writing rules for Firebase Storage, you need to use firestore.get() instead of just get().

Example from Firebase Storage docs:

service firebase.storage {
  match /b/{bucket}/o {
    match /users/{club}/files/{fileId} {
      allow read: if club in
        firestore.get(/databases/(default)/documents/users/$(request.auth.id)).memberships
    }
  }
}

Enjoyed this question?

Check out more content on our blog or follow us on social media.

Browse more questions