[英]How to add firebase security rules for Flutter collection that hasn't been created yet
I'm using Firebase Auth and Firestore Database.我正在使用 Firebase Auth 和 Firestore 数据库。 I'm trying to add security rules to Firebase Database that allow users to read, update, create and delete posts.
我正在尝试向 Firebase 数据库添加安全规则,以允许用户阅读、更新、创建和删除帖子。 When I test my rules in the Rules Playground access is denied so I know that I have not written the rules correctly.
当我在 Rules Playground 中测试我的规则时,访问被拒绝,所以我知道我没有正确编写规则。 This is an image of the database prior to adding security rules.
这是添加安全规则之前的数据库图像。
Now that I have added the security rules the posts collection isn't created and I get error messages in the Rules Playground of:现在我已经添加了安全规则,没有创建帖子集合,并且我在以下规则游乐场中收到错误消息:
> Simulated write denied
> Simulated read denied
And I get console error of:我得到以下控制台错误:
The following _CastError was thrown building CommunityPage(dirty, dependencies: [_InheritedProviderScope<UserProvider?>], state: _CommunityPageState#f5d54): type 'Null' is not a subtype of type 'String' in type cast
以下 _CastError 被抛出构建 CommunityPage(dirty, dependencies: [_InheritedProviderScope<UserProvider?>], state: _CommunityPageState#f5d54): type 'Null' is not a subtype of type 'String' in type cast
In the app all users should be able to create posts to add to their profile.在应用程序中,所有用户都应该能够创建帖子以添加到他们的个人资料中。 When a user has a newly created account they do not have any posts that exist yet so I am trying to figure out how to include security rules that allow the page where posts will be displayed to appear even though it doesn't have any content when a new user is created.
当用户有一个新创建的帐户时,他们还没有任何帖子,所以我试图弄清楚如何包含安全规则,允许显示帖子的页面出现,即使它没有任何内容时创建了一个新用户。 I have reviewed SO threads and Firebase documentation but since I am new to Flutter and Firebase I can't figure things out.
我已经查看了 SO 线程和 Firebase 文档,但由于我是 Flutter 和 Firebase 的新手,所以我无法弄清楚。
Any help would be greatly appreciated.任何帮助将不胜感激。 Thank you.
谢谢你。
We can see in the Rules Playground that:我们可以在 Rules Playground 中看到:
read
and write
rules that are denied use the isSignedIn()
function which checks if the request.auth
object is not null
;read
规则使用write
isSignedIn()
function 检查request.auth
object 是否不是null
;You should activate the authentication simulation in the Rules Playground for your isSignedIn()
function to be evaluated to true
.您应该在 Rules Playground 中激活身份验证模拟,以便将
isSignedIn()
function 评估为true
。
Note that most probably the error shown in the right part of the Playground shows a message corresponding to this problem but we don't see it in your screenshot.请注意,Playground 右侧显示的错误很可能显示了与此问题相对应的消息,但我们没有在您的屏幕截图中看到它。
Update following your comment:根据您的评论更新:
Note that request.resource
shall only be used in a write
rule (see the doc ): this probably explains the problem with the read
rule (screenshot at the bottom in your question).请注意,
request.resource
只能用于write
规则(请参阅文档):这可能解释了read
规则的问题(问题底部的屏幕截图)。 You have to do:你必须做:
allow read: if isSignedIn() && request.auth.uid == resource.data.uid
Note that the above rules means that there is a field named uid
in the post
document.注意上面的规则意味着在
post
文档中有一个名为uid
的字段。
For the create
rule error: are you sure you pass the user's uid as the value of the field named uid
in the newly created document?对于
create
rule error: are you sure you pass the user's uid as the field named uid
in the new created document?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.