Firebase数据库安全规则,请检查resource.data中的auth.email [英] Firebase database security rule, check auth.email in resource.data
问题描述
错误[firebase.firestore] FirebaseError:缺少权限或权限不足.
Error [firebase.firestore] FirebaseError: Missing or insufficient permissions.
我有一个允许几个用户更新的对象.管理员将设置他们的电子邮件,并且使用这些电子邮件登录的这些用户将被允许更新.
I have an object that a few users are allowed to update. An admin will set their email, and these users who sign in with those email will be allowed to update.
这些是我尝试过的规则:
These are the rules that I have tried:
allow update: if request.resource.data.managerEmails.val().contains(request.auth.email) && request.resource.data.id == resource.data.id;
allow update: if request.resource.data.managerEmails.contains(request.auth.email) && request.resource.data.id == resource.data.id;
allow update: if request.resource.data.managerEmails.includes(request.auth.email) && request.resource.data.id == resource.data.id;
要更新的资源:
{
id: "someid",
...fields,
managerEmails: "abcde@email.com,anothermanager@email.com",
}
正在更新的用户身份验证:
User auth who is updating:
{
uid: "rSTLnYD9aisyZJHQPC6sg7mlsZh1",
email: "abcde@email.com",
...
}
更新:使用 request.auth.uid
可以在其他规则中使用,但是在这种情况下,我必须使用电子邮件,因为用户可能尚未注册.
Update:
Using request.auth.uid
has been working in other rules, but in this case, I have to use emails because the users might not have signed up yet.
在规则操场上,我得到对象上未定义属性电子邮件.
也许不能使用 request.auth.email
?
Using Rules Playground, I get Property email is undefined on object.
Maybe using request.auth.email
is not possible?
推荐答案
我遇到了同样的问题,但是从使用firebase.auth.email切换到firebase.auth.token.email,现在可以使用了.
I was having the same problem but switched from using firebase.auth.email to firebase.auth.token.email and it now works.
这篇关于Firebase数据库安全规则,请检查resource.data中的auth.email的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!