在Firestore规则中使用resource.data [英] Using resource.data in Firestore rules
问题描述
我有以下Firestore规则:
I have the following Firestore rules:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read: if true;
}
match /institutions/{institution}/watches/{watch} {
allow read, update, delete: if request.auth.email == resource.data.email;
allow create: if request.auth.email != null;
}
}
}
从本质上讲,我希望这样,当且仅当文档上的电子邮件与用户的电子邮件相同时,/institutions/{institution}/watches
下的任何文档才可以读取/更新/删除.但是,当我通过带有示例文档的模拟器运行此命令时,我无法使访问控制正常工作,并且在API客户端上也出现了权限被拒绝的错误.
Essentially, I'd like it such that any document under /institutions/{institution}/watches
is read/update/deleteable if and only if the email on the document is identical to the email of the user. When I run this through the simulator with an example document, however, I can't get the access control to work and I also get a permission denied error on the API client.
是否可以进一步调试此方法/我的上述规则中是否缺少某些内容?
Is there any way to debug this further/is something missing from my above rules?
推荐答案
我相信request.auth.email
应该是request.auth.token.email
.请参见 https://firebase.google.com/docs/reference /rules/rules.firestore.Request#auth .
I believe that request.auth.email
should be request.auth.token.email
. See https://firebase.google.com/docs/reference/rules/rules.firestore.Request#auth .
这篇关于在Firestore规则中使用resource.data的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!