堆栈内存溢出
  简体   繁体   English

如何避免 firestore 中的子集合拒绝权限?

[英]how to avoid permission denied with a subcollection in firestore?

 原文  2021-04-13 12:03:42       javascript/ firebase/ google-cloud-firestore

问题描述

I have a denied permission when i tried to read my subcollection.当我试图阅读我的子集时,我的权限被拒绝了。

This is my collection and subcollection i have Teams/membersList这是我的收藏和子收藏,我有 Teams/membersList

在此处输入图像描述

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
  //Grants only a user access to its own data 
    match /users/{userId} {
      allow read, write: if request.auth.uid == userId;
    }
    //Allow requests from authenticated users
    match/Users/{document=**}{
    allow read, write: if request.auth != null;
    }
    match/Teams/{document=**}{
    allow read, write: if request.auth != null;
    match /membersList/{membersList} {
          allow read, write: if request.auth != null;
        }
  }
   match /Teams/{userId} {
      allow read, write: if request.auth.uid == userId;
    }
  match /Teams/memberLists/{document=**}{
  allow read, write: if request.auth != null;
  }
}

}

this is the part of my code with a denied permission这是我的代码的一部分,但权限被拒绝

 let fetch = async () => {
    firestore()
      .collection("Teams")
      .where("uid", "==", await AsyncStorage.getItem("userID"))
      .get()
      .then((querySnapshot) => {
        if (querySnapshot.empty) {
          console.log("no documents found");
        } else {
          querySnapshot.forEach(async (doc) => {
            let Teams = doc._data.Activity;
            console.log(Teams);
            updateActivity((arr) => [...arr, Teams]);
            console.log(Activity);

            firestore()
              .collection("membersList")
              .get()
              .then((documentSnapshot) => {
                console.log("User exists: ", documentSnapshot.exists);

                if (documentSnapshot.exists) {
                  console.log("User data: ", documentSnapshot.data());
                }
              });
          });
        }
      });

I've still have permission denied after writing this rules.编写此规则后,我的权限仍然被拒绝。 Do you have any ideas??你有什么想法??

1 个解决方案

解决方案1
 0 已采纳  2021-04-13 15:24:03

This code:这段代码:

firestore()
  .collection("membersList")
  .get()

This reads from a top-level collection called membersList , which doesn't exist in your rules.这从名为membersList的顶级集合中读取,该集合在您的规则中不存在。 So the user doesn't have access to the data, and the read gets rejected.所以用户无权访问数据,并且读取被拒绝。 Even if the collection doesn't exist, the read gets rejected.即使集合不存在,读取也会被拒绝。

If you want to read from the membersList subcollection of the current team, that's be:如果你想从当前团队的membersList子集合中读取,那就是:

doc
  .ref
  .collection("membersList")
  .get()

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将子集合添加到 firestore 中的子集合,反应应用程序 - How to add subcollection to a subcollection in firestore, react app Firestore PERMISSION_DENIED - Firestore PERMISSION_DENIED Firestore Ruby:如何进行身份验证? (没有权限) - Firestore Ruby: How to authenticate? (permission denied) Flutter Firestore 权限被拒绝 - Flutter Firestore permission denied PERMISSION_DENIED Firestore 模拟器 - PERMISSION_DENIED Firestore Emulator 未经授权拒绝 Firestore 权限 - Firestore permission denied without auth 如何在 firestore 中获取子集合的数据? - how to fetch subcollection's data in firestore? Firestore 安全规则 - 权限被拒绝 - Firestore security rules - permission denied 如何在 firestore 中获取子集合路径 - how do I get subcollection path in firestore 在 Google Cloud Firestore 的子集合中更新依赖于多个文档的字段时,如何避免竞争条件? - How can I avoid a race condition when updating a field that's dependent multiple documents in a subcollection in Google cloud firestore?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM