Some Firebase security rules apply for admin in Cloud Functions
Problem description
Cloud Function gets a firebase permission denied error when updating or removing. The service account is initialized with credentials from a file in order to use auth.createCustomToken, which isn't currently available for the default account:

    // Initialize the Admin SDK with service-account credentials loaded from a file
    const admin = require('firebase-admin');
    const functions = require('firebase-functions');
    const credential = admin.credential.cert(require('./credentials.json'));
    admin.initializeApp({credential: credential, databaseURL: functions.config().firebase.databaseURL});

The security rules that prevent the updates:

    "downloads": {
      "$key": {
        ".write": "data.val() == null"
      }
    }

The user inserts data with push into /downloads, then Cloud Function tries to update and subsequently remove. Both of these operations fail even though admin accounts supposedly bypass all security rules including validation.

    FIREBASE WARNING: update at /downloads/-Kexz33ljYjKblF_ZgUo failed: permission_denied
    FIREBASE WARNING: set at /downloads/-Kexz33ljYjKblF_ZgUo failed: permission_denied

The first error (update) disappears if I change the rules to this:

    "downloads": {
      "$key": {
        ".write": "newData.child('uid').val() == auth.uid"
      }
    }

UPDATE

The workaround is to redefine event.data.ref to be

    ref = admin.database().ref(event.data.ref.path.toString())

Answer

Within the event.data object returned to your Cloud Function's onWrite() callback, there are two types of Database references: one that is scoped to the same permissions as the user who triggered the write (event.data.ref) and one that is scoped with admin rights, granting full read and write access (event.data.adminRef). I can't tell since you didn't provide a code sample showing your Cloud Function, but I bet you are using event.data.ref. Switching to use event.data.adminRef should resolve your problem.
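The behaviour described in the question and answer, as an added example that is not part of the original thread and is not Firebase SDK code: a small in-memory model that evaluates the page's two .write rules for a reference scoped to the triggering user and for an admin-scoped one. The names makeRef, updateThenRemove and run, the sample record, and the assumption that the pushed record carries a uid field equal to the user's uid are all constructed for illustration.

```javascript
// Constructed in-memory model of user-scoped vs admin-scoped references; not the Firebase SDK.
const ADMIN = Symbol('admin'); // marker: this reference skips rule evaluation
// The page's two ".write" rules as predicates over (existing data, proposed data, auth).
const RULES = {
  // ".write": "data.val() == null"
  createOnly: (data, newData, auth) => data === null,
  // ".write": "newData.child('uid').val() == auth.uid"
  ownerOnly: (data, newData, auth) => auth !== null && newData !== null && newData.uid === auth.uid,
};

// Build a reference to /downloads/<key> that writes as `auth` (a user object or ADMIN).
function makeRef(store, key, rule, auth) {
  const write = (op, newData) => {
    const data = key in store ? store[key] : null;
    if (auth !== ADMIN && !rule(data, newData, auth)) {
      throw new Error(`${op} at /downloads/${key} failed: permission_denied`);
    }
    if (newData === null) delete store[key];
    else store[key] = newData;
  };
  return {
    update: (patch) => write('update', { ...(store[key] || {}), ...patch }),
    // remove is modelled as a set to null, matching the "set at ..." warning on the page
    remove: () => write('set', null),
  };
}

// The sequence from the question: update the pushed record, then remove it.
function updateThenRemove(ref) {
  const attempt = (op) => {
    try { op(); return 'ok'; } catch (err) { return 'permission_denied'; }
  };
  return {
    update: attempt(() => ref.update({ processed: true })),
    remove: attempt(() => ref.remove()),
  };
}

// Run the scenario under one rule with one scope: 'ref' or 'adminRef'.
function run(ruleName, scope) {
  const user = { uid: 'user-1' }; // constructed triggering user
  const key = '-KconstructedKey'; // constructed push key
  const store = { [key]: { uid: user.uid, file: 'report.pdf' } }; // constructed pushed record
  const data = {
    ref: makeRef(store, key, RULES[ruleName], user),
    adminRef: makeRef(store, key, RULES[ruleName], ADMIN),
  };
  return { ...updateThenRemove(data[scope]), remaining: Object.keys(store).length };
}
```

In this model the user-scoped reference is denied both writes under the first rule and only the remove under the second, which matches the warnings reported in the question, while the admin-scoped reference succeeds under either rule.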