Firestore 安全规则 get() 不起作用 [英] Firestore security rule get() not work
问题描述
只是一个简单的问题:这有什么问题,为什么这不起作用?
just a simple question: whats wrong with this and why this is not working?
试图让在用户部分中具有admin"角色的用户访问 /titles/{anyTitle} 但仍然获得
Trying to get access with user who has role 'admin' in users section to the /titles/{anyTitle} but still get
权限缺失或不足.
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow write: if false;
allow read: if false;
}
function userCanWrite () {
return get(/databases/{database}/documents/users/$(request.auth.uid)).data.role == "admin";
}
match /titles/{anyTitle=**} {
allow read: if request.auth != null;
allow write: if userCanWrite();
}
}
}
我尝试了官方文档中的另一个规则get(/databases/{database}/documents/users/$(request.auth.uid )).data.isAdmin == true;
I tried another rule from official documents
get(/databases/{database}/documents/users/$(request.auth.uid)).data.isAdmin == true;
这也行不通
支持帮助我找到了解决方案你应该这样做:
Support helped me find the solution this is how you should do:
数据库结构:
users -> {{ userid }} -> { role: "admin" }
users -> {{ userid }} -> { role: "admin" }
数据库规则设置:
get(usersPath/$(request.auth.uid)).role == "admin" ||get(usersPath/$(request.auth.uid)).data.role == "admin";
get(usersPath/$(request.auth.uid)).role == "admin" || get(usersPath/$(request.auth.uid)).data.role == "admin";
推荐答案
我联系了 Firebase 支持以报告该错误,他们给了我一个临时解决方案.在安全规则方面,他们的系统似乎存在错误.他们说文档没问题,但现在我们应该这样解决:
I contacted to the Firebase support to report that bug and they gave me a temporary solution on this. It seems that they are having a bug in their systems on the security rules side. They say that the documentation is ok, but for now we should workaround this way:
get(path).data.field == true || get(path).field == true;
因为错误是未填充数据对象,所以您应该检查这两个属性.没有针对此错误启动解决方案的预计到达时间,因此我问他们在解决此问题时是否可以给我建议,因此我会根据他们的信息及时更新此答案.
Because the bug is that data object isn't populated, you should check both properties. There's no ETA for launching a solution on this bug, so I asked they if they could give me an advice when they solved this issue, so I'll keep this answer up-to-date with their information.
这篇关于Firestore 安全规则 get() 不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!