如何为尚未创建的Flutter集合添加firebase安全规则
[英]How to add firebase security rules for Flutter collection that hasn't been created yet
问题描述
I'm using Firebase Auth and Firestore Database.
我正在使用 Firebase Auth 和 Firestore 数据库。 I'm trying to add security rules to Firebase Database that allow users to read, update, create and delete posts.我正在尝试向 Firebase 数据库添加安全规则,以允许用户阅读、更新、创建和删除帖子。 When I test my rules in the Rules Playground access is denied so I know that I have not written the rules correctly.当我在 Rules Playground 中测试我的规则时,访问被拒绝,所以我知道我没有正确编写规则。 This is an image of the database prior to adding security rules.这是添加安全规则之前的数据库图像。
Now that I have added the security rules the posts collection isn't created and I get error messages in the Rules Playground of:现在我已经添加了安全规则,没有创建帖子集合,并且我在以下规则游乐场中收到错误消息:
> Simulated write denied
> Simulated read denied
And I get console error of:我得到以下控制台错误:
The following _CastError was thrown building CommunityPage(dirty, dependencies: [_InheritedProviderScope<UserProvider?>], state: _CommunityPageState#f5d54): type 'Null' is not a subtype of type 'String' in type cast
In the app all users should be able to create posts to add to their profile.在应用程序中,所有用户都应该能够创建帖子以添加到他们的个人资料中。 When a user has a newly created account they do not have any posts that exist yet so I am trying to figure out how to include security rules that allow the page where posts will be displayed to appear even though it doesn't have any content when a new user is created.当用户有一个新创建的帐户时,他们还没有任何帖子,所以我试图弄清楚如何包含安全规则,允许显示帖子的页面出现,即使它没有任何内容时创建了一个新用户。 I have reviewed SO threads and Firebase documentation but since I am new to Flutter and Firebase I can't figure things out.我已经查看了 SO 线程和 Firebase 文档,但由于我是 Flutter 和 Firebase 的新手,所以我无法弄清楚。
Any help would be greatly appreciated.任何帮助将不胜感激。 Thank you.谢谢你。
1 个解决方案
解决方案1
2 已采纳 2022-02-08 08:28:55
We can see in the Rules Playground that:我们可以在 Rules Playground 中看到:
- The
readandwriterules that are denied use theisSignedIn()function which checks if therequest.authobject is notnull;被拒绝的read规则使用writeisSignedIn()function 检查request.authobject 是否不是null; - But you don't simulate the user's authentication while using the Rules Playground: see the "Authenticated" switch above the "Run" button in the left pane of the Rules Playground但是您在使用 Rules Playground 时不会模拟用户的身份验证:请参阅 Rules Playground 左窗格中“运行”按钮上方的“已验证”开关
You should activate the authentication simulation in the Rules Playground for your isSignedIn() function to be evaluated to true .您应该在 Rules Playground 中激活身份验证模拟,以便将isSignedIn() function 评估为true 。
Note that most probably the error shown in the right part of the Playground shows a message corresponding to this problem but we don't see it in your screenshot.请注意,Playground 右侧显示的错误很可能显示了与此问题相对应的消息,但我们没有在您的屏幕截图中看到它。
Update following your comment:根据您的评论更新:
Note that request.resource shall only be used in a write rule (see the doc ): this probably explains the problem with the read rule (screenshot at the bottom in your question).请注意, request.resource只能用于write规则(请参阅文档):这可能解释了read规则的问题(问题底部的屏幕截图)。 You have to do:你必须做:
allow read: if isSignedIn() && request.auth.uid == resource.data.uid
Note that the above rules means that there is a field named uid in the post document.注意上面的规则意味着在post文档中有一个名为uid的字段。
For the create rule error: are you sure you pass the user's uid as the value of the field named uid in the newly created document?对于create rule error: are you sure you pass the user's uid as the field named uid in the new created document?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.