在访问规则中使用字段写入Firestore时缺少权限或权限不足 [英] Missing or insufficient permissions when writing to Firestore using field in access rules
问题描述
我尝试使用包含用户uid的字段作为我的安全规则。
$ p $ service cloud.firestore {
match / databases / {database} / documents {
match / messages / {document = **} {
允许阅读:if resource.data.user_uid == request.auth.uid;
允许写入:if resource.data.user_uid == request.auth.uid;
$ b code
$ b如果我有数据在我的Firestore数据库,读取规则工作正常 - 但是当我试图写我得到:错误:缺少或不足的权限。
有什么我做错了用这个写规则?
PS如果我改变我的规则,我可以写入我的数据库 - 但是这不够安全,我的目的:
match / messages / {document = **} {
allow read:if resource.data.user_uid == request.auth.uid;
允许写入:if request.auth!= null;
$ / code>
resource.data
是指已存储的数据,因此您的规则允许用户只更新已经包含其用户ID的数据。
可能要检查的是 request.resource.data
这是新的数据。
有关这些字段和其他安全规则的文档: https://firebase.google。 com / docs / firestore / security / secure-data
I am getting an error when attempting to write to Firestore.
I am attempting to use a field containing the user uid for my security rule.
service cloud.firestore {
match /databases/{database}/documents {
match /messages/{document=**} {
allow read: if resource.data.user_uid == request.auth.uid;
allow write: if resource.data.user_uid == request.auth.uid;
}
}
}
If I have data in my Firestore database, the read rule works fine - but when I attempt to write I get: Error: Missing or insufficient permissions.
Is there something I'm doing wrong with this write rule?
P.S. If I change my rule to this, I'm able to write to my database - but this isn't secure enough for my purposes:
match /messages/{document=**} {
allow read: if resource.data.user_uid == request.auth.uid;
allow write: if request.auth != null;
}
resource.data
refers to the data already stored, so your rule allowed users to only update data that already includes their user ID.
What you probably want to check is request.resource.data
which is the new data coming in.
There's a rather extensive document about those fields and other security rules here: https://firebase.google.com/docs/firestore/security/secure-data
这篇关于在访问规则中使用字段写入Firestore时缺少权限或权限不足的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!