Reference field in nested map in Firestore security rules

Question

I have this data structure:

and need a rule that only allows updates when the city attribute is not changed:

match /requests/{requestId} {
  allow update: if (request.resource.data.diff(resource.data).unchangedKeys().
     hasAll(["customerlocation.city"]))

That doesn't work, because the diff result only shows the customerlocation field, but not the city attribute.

Is it even possible to achieve what I want? I know there are limitations wrt what you can do with nested objects in security rules, but I have might just missed something.

Answer 1

I believe that the solution Aion proposed is the only one that will work if you don't want to change your data structure and have to do this inside of the Firestore rules.

I don't know what your overall data structure looks like, but you could move customerLocation out to its own collection. Then you would store a DocumentReference to customerLocation inside of the request.

You could also create a cloud function with document('requests/{requestId}').onUpdate() and check if the city changed. If it has, then change it back in there. This would require you to keep track of the fact that you changed back the property though. Otherwise, the function would keep triggering and flipping the values.