安全规则只允许写有验证电子邮件的用户 [英] Security rule to only allow write for users with verified emails

问题描述

我有一个非常简单的写安全规则，应该只允许带有验证邮件的用户写数据，

 someNode： {
.write：auth.token.emailVerified === true
} 
  

出于某种原因，我仍然获得权限拒绝模拟器与特定的用户令牌和我的应用程序与同一用户。我加倍检查客户端中的用户对象，它确实有 emailVerified === true 因此我不知道为什么这不起作用。

屏幕截图：

解决方案

Turn out auth.token.emailVerified 应该是 auth.token.email_verified 它与这些数据如何呈现有点不一致客户端。

I have very simple write security rule that should only allow users with verified email to write data,

"someNode": {
  ".write": "auth.token.emailVerified === true"
}

For some reason I am still getting permission denied in simulator with specific users token and in my app with same user. I double checked user object in client and it indeed has emailVerified === true hence I am not sure to why this is not working.

Screenshot:

解决方案

Turns out auth.token.emailVerified should be auth.token.email_verified its a bit inconsistent with how such data is presented on client side.

这篇关于安全规则只允许写有验证电子邮件的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！