[英]Missing or insufficient permissions firestore database rules
I'm self studying firestore and I could not figure out a way to only allow a user to update, delete or read only the collections added by them.我正在自学 firestore,我想不出一种只允许用户更新、删除或只读取他们添加的集合的方法。
This is the structure I'm using:这是我正在使用的结构:
I use firebase auth for user handing.我使用 firebase 身份验证进行用户处理。 I save the currentUser.uid
as user_id
in the database for each collection.我在每个集合的数据库中将currentUser.uid
保存为user_id
。
These are the rules I'm using这些是我正在使用的规则
service cloud.firestore {
match /databases/{database}/documents {
match /tasks{
allow read, update, delete: if request.auth.uid == resource.data.user_id;
allow create: if request.auth.uid != null;
}
}
When I try to read/get the data I get Missing or insufficient permissions
error.当我尝试读取/获取数据时,出现Missing or insufficient permissions
错误。
I'm using the web api (JavaScript) for firestore.我正在为 firestore 使用 web api (JavaScript)。 This is the code I'm using to read data.这是我用来读取数据的代码。
function read() {
db.collection("tasks").get().then((querySnapshot) => {
querySnapshot.forEach((doc) => {
var newLI = document.createElement('li');
newLI.appendChild(document.createTextNode(doc.data().task));
dataList.appendChild(newLI);
});
});
}
the error was in my JavaScript I was getting all without filtering by user错误出在我的 JavaScript 中,我没有按用户过滤就得到了所有内容
function read() {
let taskColletion = db.collection("tasks");
taskColletion.where("user_id", "==", firebase.auth().currentUser.uid).get().then((querySnapshot) => {
querySnapshot.forEach((doc) => {
var newLI = document.createElement('li');
newLI.appendChild(document.createTextNode(doc.data().task));
dataList.appendChild(newLI);
});
});
}
This is actually explained on the Firestore Documentation (I recommend reading it).这实际上在Firestore 文档中有解释(我建议阅读它)。
You're missing a wildcard after /tasks
:您在/tasks
之后缺少通配符:
service cloud.firestore {
match /databases/{database}/documents {
match /tasks/{task} {
allow read, update, delete: if request.auth.uid == resource.data.user_id;
allow create: if request.auth.uid != null;
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.