[英]Firestore Rules matching UID with Document Field not working
Having a little problem with a Firebase Rule. Firebase 规则有一点问题。
Here is a sample record:这是一个示例记录:
Here is my rule:这是我的规则:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /question/{questionId}{
allow read : if (request.auth.token.email_verified == true) &&
(request.auth.uid == resource.data.quid);
}
}
}
This fails with:这失败了:
FirebaseError: [code=permission-denied]: Missing or insufficient permissions
FirebaseError:[code=permission-denied]:权限缺失或不足
However, when changing (request.auth.uid == resource.data.quid);
但是,更改时
(request.auth.uid == resource.data.quid);
to (request.auth.uid == 'gTEsGw3cUlaCswmVwpgdSzEd1TW2');
到
(request.auth.uid == 'gTEsGw3cUlaCswmVwpgdSzEd1TW2');
it works fine.它工作正常。 I can also match against email address just fine.
我也可以匹配 email 地址就好了。 Just not the uid to quid field.
只是不是 uid 到 quid 字段。
Thoughts?想法?
If it matters, this is the query in my code:如果重要的话,这是我的代码中的查询:
const showQuestions = () => {db.collection('question').where("email", "==", userObject.email).onSnapshot( data => {
questions = data.docs;
})
}
Your query does not match your rules.您的查询不符合您的规则。 Your rule absolutely requires that the user must only query for specific documents where their UID matches quid field of the document.
您的规则绝对要求用户只能查询其 UID 与文档的 quid 字段匹配的特定文档。 However, your query doesn't put any requirements on the quid field.
但是,您的查询对 quid 字段没有任何要求。 It's important to know that Firestore security rules are not filters , and they will not allow a query where there is any possibility of matching a document that does not satisfy the rules as written.
重要的是要知道Firestore 安全规则不是过滤器,并且它们不允许查询有可能匹配不满足所写规则的文档。
In order to get your query to work, it must specify a filter on the quid field that matches the requirements of the rule.为了使您的查询正常工作,它必须在 quid 字段上指定一个符合规则要求的过滤器。
db.collection('question')
.where("email", "==", userObject.email)
.where("quid", "==", uid)
where uid
is the UID of the currently signed in user (eg firebase.auth().currentUser.uid
).其中
uid
是当前登录用户的 UID(例如firebase.auth().currentUser.uid
)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.