[英]Firestore Security Rule: Allow read only for Author rule not working
I'm trying to secure my Documents with a availability
status, that can be public
or private
.我正在尝试使用availability
状态来保护我的文档,该状态可以是public
或private
。 Everybody can read public
Documents and private
Documents can be read by Users who have created the Document (meaning creatorUid
is set to the user's uid).每个人都可以阅读public
文档,而创建文档的用户可以阅读private
文档(意味着creatorUid
设置为用户的 uid)。
These are my rules:这些是我的规则:
match /Routines/{document} {
allow read: if resource.data.availability == "public" || (resource.data.availability == "private" && resource.data.creatorUid == request.auth.uid);
allow write: if true;
}
I have created some tests to see if my rules work:我创建了一些测试来查看我的规则是否有效:
describe.only("Routine Routine Rules", () => {
const userAuthA = { uid: "user123", email: "userA@test.com" };
const demoRoutinePrivate = {
id: "DemoRoutine",
title: "Demo Routine",
availability: "private",
creatorUid: userAuthA.uid,
exercises: []
}
it("Authors can read private routines", async () => {
const admin = getAdminFirestore();
await admin.collection("Routines").doc(demoRoutinePrivate.id).set(demoRoutinePrivate);
const db1 = getAuthedFirestore(userAuthA);
const routines1 = db1.collection("Routines").where("creatorUid", "==", userAuthA.uid);
const routine1 = db1.collection("Routines").doc(demoRoutinePrivate.id);
await firebase.assertSucceeds(routines1.get());
await firebase.assertSucceeds(routine1.get());
});
});
However, I get this error:但是,我收到此错误:
FirebaseError:
Property availability is undefined on object. for 'list' @ L33
I'm pretty certain that my Document has the availabilty
property set, so I don't understand the error.我很确定我的文档设置了availabilty
属性,所以我不明白这个错误。
I figured it out.我想到了。 I had an error in my query.我的查询有误。
const routines1 = db1.collection("Routines").where("creatorUid", "==", userAuthA.uid);
the correct query is:正确的查询是:
const routines1 = db1.collection("Routines").where("availability", "==", "private").where("creatorUid", "==", userAuthA.uid);
although the original error message is not very helpful...虽然最初的错误信息不是很有帮助......
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.