在访问规则中使用字段写入Firestore时缺少权限或权限不足 [英] Missing or insufficient permissions when writing to Firestore using field in access rules

查看：284 发布时间：2017/11/10 21:31:03 firebase firebase-security google-cloud-firestore

本文介绍了在访问规则中使用字段写入Firestore时缺少权限或权限不足的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我尝试使用包含用户uid的字段作为我的安全规则。

$ p $ service cloud.firestore { match / databases / {database} / documents { match / messages / {document = **} { 允许阅读：if resource.data.user_uid == request.auth.uid; 允许写入：if resource.data.user_uid == request.auth.uid; $ b code $ b如果我有数据在我的Firestore数据库，读取规则工作正常 - 但是当我试图写我得到：错误：缺少或不足的权限。有什么我做错了用这个写规则？

 
 
  PS如果我改变我的规则，我可以写入我的数据库 - 但是这不够安全，我的目的：
 
 
  match / messages / {document = **} {
 allow read：if resource.data.user_uid == request.auth.uid; 
允许写入：if request.auth！= null; 
 
 $ / code> 
 
 
解决方案   resource.data 是指已存储的数据，因此您的规则允许用户只更新已经包含其用户ID的数据。
 
 
 可能要检查的是 request.resource.data 这是新的数据。
 
 
 有关这些字段和其他安全规则的文档： https://firebase.google。 com / docs / firestore / security / secure-data   
I am getting an error when attempting to write to Firestore.

I am attempting to use a field containing the user uid for my security rule.
service cloud.firestore {
  match /databases/{database}/documents {

    match /messages/{document=**} {
      allow read: if resource.data.user_uid == request.auth.uid;
      allow write: if resource.data.user_uid == request.auth.uid;
    }
  }
}
If I have data in my Firestore database, the read rule works fine - but when I attempt to write I get: Error: Missing or insufficient permissions.
Is there something I'm doing wrong with this write rule?

P.S. If I change my rule to this, I'm able to write to my database - but this isn't secure enough for my purposes:
 match /messages/{document=**} {
      allow read: if resource.data.user_uid == request.auth.uid;
      allow write: if request.auth != null;
    }

 解决方案 
resource.data refers to the data already stored, so your rule allowed users to only update data that already includes their user ID.

What you probably want to check is request.resource.data which is the new data coming in.

There's a rather extensive document about those fields and other security rules here: https://firebase.google.com/docs/firestore/security/secure-data

                        这篇关于在访问规则中使用字段写入Firestore时缺少权限或权限不足的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！
                        
                    

                    
                        查看全文

在访问规则中使用字段写入Firestore时缺少权限或权限不足 [英] Missing or insufficient permissions when writing to Firestore using field in access rules

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

在访问规则中使用字段写入Firestore时缺少权限或权限不足 [英] Missing or insufficient permissions when writing to Firestore using field in access rules

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭