[英]Firestore security rules missing permissions on create new document for new authenticated user
I'm trying to setup a role-based Firestore security rules but I'm stuck with how to create a new document if the incoming data uid matches with the auth uid.我正在尝试设置基于角色的 Firestore 安全规则,但如果传入数据 uid 与 auth uid 匹配,我仍然无法解决如何创建新文档的问题。
But where to define that incoming uid?但是在哪里定义传入的 uid 呢?
I have tried to initialize the user uid of the new user to my model like this code below but it still missing some permissions.我已尝试将新用户的用户 uid 初始化为我的 model,如下面的代码但它仍然缺少一些权限。
final personalInfoData = PersonalInfoModel(
uid: auth.getUid(),
name: name,
age: int.parse(age),
);
Here is my code looks like这是我的代码看起来像
match /profile/{profileId}/{document=**}{
allow read: if isSignedIn() && docIdEqualsAuthId(profileId);
allow create: if isSignedIn() && incomingUidEqualsAuthId();
}
function isSignedIn(){
return request.auth != null;
}
function docIdEqualsAuthId(profileId){
return profileId == request.auth.uid;
}
function incomingUidEqualsAuthId(){
return request.resource.data.uid == request.auth.uid;
}
Here is my controller code:这是我的 controller 代码:
String getUid() {
return auth.currentUser!.uid;
}
final personalInfoData = PersonalInfoModel(
name: name,
age: int.parse(age),
);
DocumentReference profileCRef =
firestore.collection("profile").doc(auth.getUid());
try {
await profileCRef.set({'personalInfo': json}, SetOptions(merge: true));
} on Exception catch (e) {
print(e);
}
The way I setup my controller is it will create a new document with a document Id of request.auth.uid
of the new user.我设置 controller 的方式是创建一个新文档,其文档 ID 为新用户的request.auth.uid
。
I want rules to identify if the new user is authenticated and the incoming request to create a profile info must have a valid user id that matches with the auth uid.我想要规则来识别新用户是否经过身份验证,并且创建配置文件信息的传入请求必须具有与 auth uid 匹配的有效用户 ID。
If the document still not exists in the database then create a new document with an ID of the uid.如果数据库中仍不存在该文档,则创建一个 ID 为 uid 的新文档。
The error I'm getting is this我得到的错误是这个
W/Firestore(14626): (24.0.1) [WriteStream]: (221034) Stream closed with status: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}.
W/Firestore(14626): (24.0.1) [Firestore]: Write failed at profile/N8CuobvPdHXr40KYgebw52SmOBp2: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}
The request.resource.data
is the data that you are trying to add in the document. request.resource.data
是您尝试添加到文档中的数据。 Currently uid
is not a field in document but a property in personalInfo
map. So you must specify path to the field that you are trying to read in security rules.当前uid
不是文档中的一个字段,而是personalInfo
map 中的一个属性。因此,您必须指定您试图在安全规则中读取的字段的路径。 The following should work:以下应该工作:
function incomingUidEqualsAuthId(){
return request.resource.data.personalInfo.uid == request.auth.uid;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.