Firestore安全规则违反更新规则 [英] Firestore Security Rules breaking with update rule

问题描述

我昨天对此发布了一个问题，但我正在创建一个包含更多详细信息的新问题. Firestore .setData被更新规则阻止不创建

I posted a question about this yesterday but I'm creating a new one with more details. Firestore .setData is blocked by update rule not create

我已经运行了模拟器，并且规则在那里工作.同样，当我创建文档并将快速代码中的setData更改为update时，该代码也有效.它似乎仅在创建文档时失败.但是要注意的是，当我删除update规则或简单地将其更改为allow update: if false;时，setData(或被规则视为创建)将正确执行.我不知道发生了什么事，也不知道有什么工具可以用来获得更好的洞察力.

I've run the simulator and the rules work there. Also when I create the document and change setData in the swift code to update the code works. It appears to only fail when creating the document. But the catch is that when I remove the update rule or simply change it to allow update: if false; the setData (or seen as create by the rules) executes properly. I have no clue whats going on nor do I know of any tools for getting a better insight.

 match /users_real/{userID} {
    allow create: if true;
    allow read: if isOwner(userID);
    allow update: if (request.writeFields.size() == 1);

}

设置数据:

self.docRef.collection("users_real").document("adfadsf").setData(post) { (error) in

            if let error = error {
                print("He dead!: \(error.localizedDescription)")


            }
            else {
                print("it worked, for now")


            }
        }

推荐答案

Firebase支持确认存在与评估request.writeFields.size()相关的错误.没有估计何时修复.

Firebase Support confirms that there is a bug related to the evaluation of request.writeFields.size(). No estimate was given of when it will be fixed.

可以通过以下规则证明该错误的存在:

The existence of the bug can be demonstrated with the following rules:

service cloud.firestore {
  match /databases/{database}/documents {

    match /cities/{city} {
      // This should always evaluate to true, but does not.
      allow create: if (request.writeFields.size() == 1) || (request.writeFields.size() != 1);
      allow update: if true;
    }
  }
}

尽管create规则应始终评估为true，但是创建城市的尝试因权限被拒绝而失败.看来request.writeFields的问题不仅影响它出现的规则，而且还影响路径的其他规则.对于上述规则，尝试更新现有城市也将失败，并显示权限被拒绝".

Although the create rule should always evaluate to true, an attempt to create a city fails with Permission Denied. It seems that the problem with request.writeFields affects not only the rule in which it appears, but also other rules for the path. For the rules shown above, an attempt to update an existing city also fails with Permission Denied.

这篇关于Firestore安全规则违反更新规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！