Using resource.data in Firestore rules


Problem description

I have the following Firestore rules:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
        allow read: if true;
    }
    match /institutions/{institution}/watches/{watch} {
      allow read, update, delete: if request.auth.email == resource.data.email;
      allow create: if request.auth.email != null;
    }
  }
}

Essentially, I'd like it such that any document under /institutions/{institution}/watches is read/update/deleteable if and only if the email on the document is identical to the email of the user. When I run this through the simulator with an example document, however, I can't get the access control to work and I also get a permission denied error on the API client.

Is there any way to debug this further/is something missing from my above rules?

Recommended answer

I believe that request.auth.email should be request.auth.token.email. See https://firebase.google.com/docs/reference/rules/rules.firestore.Request#auth .
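
An added example, not part of the original question or answer: the question's rules with the answer's `request.auth.token.email` fix applied. It also drops the catch-all read rule, because Firestore grants access when any matching `allow` is true, and it assumes (not stated on the page) that a watch may only be created with the caller's own email and that the email may not change on update.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // No catch-all "allow read: if true" here: overlapping match blocks are
    // OR-ed together, so that rule would make every watch readable by anyone.

    match /institutions/{institution}/watches/{watch} {
      // True when the caller is signed in and the ID token carries an email.
      // request.auth has only `uid` and `token`; there is no request.auth.email.
      function signedInWithEmail() {
        return request.auth != null && 'email' in request.auth.token;
      }

      // resource.data is the document as it is currently stored.
      function ownsStoredDoc() {
        return signedInWithEmail()
            && resource.data.email == request.auth.token.email;
      }

      allow read, delete: if ownsStoredDoc();

      // request.resource.data is the document as it would look after the write.
      // Assumption: a watch must be created with the caller's own email ...
      allow create: if signedInWithEmail()
                    && request.resource.data.email == request.auth.token.email;

      // ... and an update must not reassign it to another address.
      allow update: if ownsStoredDoc()
                    && request.resource.data.email == resource.data.email;
    }
  }
}
```

Rules are not filters: a query over `watches` is only allowed when it is constrained to documents whose `email` equals the caller's email, so an unfiltered collection read is still denied under these rules.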
