Firestore安全规则权限问题 [英] Firestore Security Rules Permission Issue
问题描述
我在Firestore集合中有以下结构的称为清单"的文档:
I have documents in firestore collection called 'inventories' of the following structure:
{
creator: string,
images: string[],
}
创建者字段是创建文档的用户的uid.
the creator field is the uid of the user who created the document.
在"firestore规则"部分中,我具有以下规则:
In my firestore rules section I have the following rules:
service cloud.firestore {
match /databases/{database}/documents {
match /inventories/{inventoryid} {
allow read, write: if request.auth.id == resource.data.creator;
}
}
}
在离子应用程序中,我执行以下操作:
In my ionic application I do the following:
this.inventoryCollection = database.collection<Inventory[]>
('inventories', ref => ref.where('creator', '==', auth.currentUserId));
执行此操作时出现以下错误:
I get the following error when this executes:
Missing or insufficient permissions.
有人可以看到我在做什么错吗?我的规则有问题吗?还是我的代码调用了Firestore的问题?
Can anyone see what I am doing wrong? Is it a problem with my rules? Or is it a problem with my code calling the firestore?
推荐答案
您应该使用 request.auth.uid 而不是 request.auth.id ,请参见
You should use request.auth.uid instead of request.auth.id, see https://firebase.google.com/docs/reference/rules/rules.firestore.Request#auth
此外,您应将规则分为两个子规则",如下所示:
Also, you should divide your rules in two "sub-rules", as follows:
service cloud.firestore {
match /databases/{database}/documents {
match /inventories/{inventoryid} {
allow read: if request.auth.id == resource.data.creator;
allow write: if request.auth.id == request.resource.data.creator;
}
}
}
请注意在 write 规则中使用 request.resource .
以下有关Firestore安全规则的官方视频对此进行了很好的解释: https://www.youtube.com/watch?v=eW5MdE3ZcAw
This is very well explained in the official following video about Firestore Security Rules: https://www.youtube.com/watch?v=eW5MdE3ZcAw
这篇关于Firestore安全规则权限问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
