堆栈内存溢出
  简体   繁体   English

为什么在尝试从 firestore 中删除数组元素时出现权限不足错误,但我可以删除整个文档

[英]Why do I get an insufficient permissions error while trying to delete an array element from firestore, yet I can delete the entire document

 原文  2021-11-01 22:05:41       javascript/ google-cloud-storage/ firebase-security

问题描述

I have a collection in my firestore named "reports"我的firestore中有一个名为“reports”的集合

one of the fields in the reports map is an array of objects.报告映射中的一个字段是对象数组。 These objects reference a photo in cloud storage.这些对象引用云存储中的照片。 They look like this (url points to cloud storage):它们看起来像这样(url指向云存储):

{
   id: uid value
   url: some-url
}

my firebase rules are set up like this for the reports document:我的 firebase 规则为报告文档设置如下:

match /databases/{database}/documents {
    match /reports/{report} {
      allow read: if request.auth != null && request.auth.uid == resource.data.userID;
      allow create: if request.auth != null && request.resource.data.userID == request.auth.uid;
      allow delete, update: if request.auth != null &&
      request.auth.uid == resource.data.userID;
    }
}

for some reason, I can delete the entire document if I want to proving that I have delete permission.....but when I attempt to delete an item from the photos array like this:出于某种原因,如果我想证明我有删除权限,我可以删除整个文档......但是当我尝试从这样的照片数组中删除一个项目时:

const reportRef = db.collection('reports')
reportRef.doc(activeReport.id).update({
    photos: firebase.firestore.FieldValue.arrayRemove(photoToDelete)
})

I end up with an error stating:我最终得到一个错误说明:

Unhandled promise rejection: FirebaseError: Missing or insufficient permissions未处理的承诺拒绝:FirebaseError:权限缺失或不足

Why?为什么? Haven't I given permission to update this document properly?我没有授予正确更新此文档的权限吗?

2 个解决方案

解决方案1
 0  2021-11-01 22:08:08

Go in Database -> Rules ->进入数据库 -> 规则 ->

For development:用于开发:

Change allow read, write: if false;更改allow read, write: if假; to true;真;

Note: It's a quick solution for development purposes only because it will turn off all the security.注意:这是用于开发目的的快速解决方案,因为它会关闭所有安全性。 So, it's not recommended for production.因此,不建议将其用于生产。

For production:用于生产:

If authenticated from firebase: Change allow read, write: if false;如果从 firebase 进行身份验证: Change allow read, write: if假; to request.auth != null;request.auth != null;

解决方案2
 0 已采纳  2021-11-12 14:25:26

In this case it was a bad parameter that was passed in. I needed to pass activeReport not activeReport.id.在这种情况下,传入的是一个错误的参数。我需要传递 activeReport 而不是 activeReport.id。

This is a misleading error message.这是一个误导性的错误消息。 I would delete this question but stackoverflow doesn't want me to because an answer has been posted here.我会删除这个问题,但 stackoverflow 不希望我这样做,因为这里已经发布了一个答案。 Silly.愚蠢的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如果我在 firestore 上设置了 ignoreUndefinedProperties 设置,则会出现“FirebaseError:缺少或不足的权限” - Get “FirebaseError: Missing or insufficient permissions” if I set the ignoreUndefinedProperties setting on firestore 如何访问/删除 Firestore 中随机创建的文档 ID? - How can i access/delete a randomly created document id in firestore? 如何从数组中删除json元素? - How do i delete an json element from an array? 如何通过单击从 Array 中删除元素 - How do I delete an element from Array with click 如何从数组中删除嵌套元素? - How can I delete a nested element from an array? 如何使用firestore通过索引从数组中获取元素 - How can i get an element from array by index using firestore 从 Firestore 数据库中删除数组元素 - Delete a array element from a Firestore database 为什么在尝试通过 AWS API Gateway 和 Lambda 执行 DELETE 请求时会收到 CORS 内部服务器错误? - Why do I get a CORS internal server error when trying to do a DELETE request via AWS API Gateway and Lambda? Firestore/Vuejs:无法从 Firestore 文档中删除 - Firestore/Vuejs: Can't delete from Firestore document 如何从json对象数组中删除整个json对象并将其写到文件中? - How can I delete an entire json object from an array of json objects and write it out to file?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM