Firestore Rule Failing While Using Get() on Newly Created Documents

Using get() in Firestore rules on a newly created document causes the return value to be false. If you wait a few seconds and hit a security rule that calls get() on that same new document, get() will then return the expected value. Am I missing something in my rules and/or code, or is this a bug with Firestore?

service cloud.firestore {
  match /databases/{database}/documents {

    match /budgets/{budgetId} {

      allow read: if == request.auth.uid;
      allow create: if request.auth.uid ==;

      match /accounts/{accountId} {
        allow read, create, update: if userOwnsBudget();  // <--- failing for newly created budget documents

      function userOwnsBudget() {
        return get(/databases/$(database)/documents/budgets/$(budgetId)).data.userId == request.auth.uid;
const data: Budget = {
    userId: userId,
    budgetName: budgetName,
    currencyType: currencyType

try {
    const newBudget = await this.afs.collection<Budget>('budgets').add(data);

    const accountsCollection: AngularFirestoreCollection<BudgetAccount> = this.afs.collection<BudgetAccount>('budgets/' + + '/accounts');

    //Insufficient permission, but occasionally succeeds 
    accountsCollection.valueChanges().subscribe(accounts => {

    setTimeout(() => {
        accountsCollection.valueChanges().subscribe(accounts => {
    }, someArbitaryTime) // Typically waiting 5 seconds is enough, but occasionally that will still fail 

} catch(error) {



EDIT: This bug has been resolved.

This is unfortunately a known issue at the moment. We're working on a fix and will update here once it's resolved. Thanks and sorry!


Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.