Firebase数据库安全规则，请检查resource.data中的auth.email [英] Firebase database security rule, check auth.email in resource.data

问题描述

错误[firebase.firestore] FirebaseError:缺少权限或权限不足.

Error [firebase.firestore] FirebaseError: Missing or insufficient permissions.

我有一个允许几个用户更新的对象.管理员将设置他们的电子邮件，并且使用这些电子邮件登录的这些用户将被允许更新.

I have an object that a few users are allowed to update. An admin will set their email, and these users who sign in with those email will be allowed to update.

这些是我尝试过的规则:

These are the rules that I have tried:

allow update: if request.resource.data.managerEmails.val().contains(request.auth.email) && request.resource.data.id == resource.data.id;

allow update: if request.resource.data.managerEmails.contains(request.auth.email) && request.resource.data.id == resource.data.id;

allow update: if request.resource.data.managerEmails.includes(request.auth.email) && request.resource.data.id == resource.data.id;

要更新的资源:

{
  id: "someid",
  ...fields,
  managerEmails: "abcde@email.com,anothermanager@email.com",
}

正在更新的用户身份验证:

User auth who is updating:

{
  uid: "rSTLnYD9aisyZJHQPC6sg7mlsZh1",
  email: "abcde@email.com",
  ...
}

更新:使用 request.auth.uid 可以在其他规则中使用，但是在这种情况下，我必须使用电子邮件，因为用户可能尚未注册.

Update: Using request.auth.uid has been working in other rules, but in this case, I have to use emails because the users might not have signed up yet.

在规则操场上，我得到对象上未定义属性电子邮件.也许不能使用 request.auth.email ?

Using Rules Playground, I get Property email is undefined on object. Maybe using request.auth.email is not possible?

推荐答案

我遇到了同样的问题，但是从使用firebase.auth.email切换到firebase.auth.token.email，现在可以使用了.

I was having the same problem but switched from using firebase.auth.email to firebase.auth.token.email and it now works.

这篇关于Firebase数据库安全规则，请检查resource.data中的auth.email的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！