Firestore DB的安全规则 [英] Security rules for Firestore DB
本文介绍了Firestore DB的安全规则的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试仅允许用户编写ID等于其电子邮件地址的文档.我似乎无法使该规则生效.我要去哪里错了?用户已通过身份验证,并且在用户帐户上设置了电子邮件地址.
I'm trying to only allow users to write documents where the ID is equal to their email address. I can't seem to get this rule to work. Where am I going wrong? The user is authenticated, and email address is set on the user's account.
规则:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow write: if request.auth.email == request.resource.id;
}
}
}
致电:
firestore
.collection('my-document')
.doc(this.$firebase.auth().currentUser.email)
.set({
body: JSON.stringify(object),
email: this.$firebase.auth().currentUser.email,
submitted: new Date()
})
.then(function (docRef) {
console.log('Successfully Written to DB.')
})
.catch(function (error) {
that.isSubmitting = false
console.error('Error adding document: ', error)
})
错误:
Error adding document: Error: Missing or insufficient permissions.
at new FirestoreError (error.js?6b3a:140)
at eval (webchannel_connection.js?80bc:250)
at W.eval (webchannel_connection.js?80bc:195)
at Ab (index.js?0dfd:23)
at W.g.dispatchEvent (index.js?0dfd:21)
at Re.Ca (index.js?0dfd:98)
at ye.g.Oa (index.js?0dfd:86)
at dd (index.js?0dfd:42)
at ed (index.js?0dfd:39)
at ad (index.js?0dfd:37)
推荐答案
结果表明,概要文件详细信息包含在令牌对象中,并且可以按以下方式访问:
Turns out that profile details are contained in the token object, and can be accessed as follows:
request.auth.token.email
这篇关于Firestore DB的安全规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文