How to avoid permission denied with a subcollection in Firestore?

I get permission denied when I try to read my subcollection.

This is my collection and subcollection: I have Teams/membersList.

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Grants only a user access to its own data
    match /users/{userId} {
      allow read, write: if request.auth.uid == userId;
    }
    // Allow requests from authenticated users
    match /Users/{document=**} {
      allow read, write: if request.auth != null;
    }
    match /Teams/{document=**} {
      allow read, write: if request.auth != null;
      match /membersList/{membersList} {
        allow read, write: if request.auth != null;
      }
    }
    match /Teams/{userId} {
      allow read, write: if request.auth.uid == userId;
    }
    match /Teams/memberLists/{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}


This is the part of my code with a denied permission:

 let fetch = async () => {
    firestore()
      .collection("Teams")
      .where("uid", "==", await AsyncStorage.getItem("userID"))
      .get()
      .then((querySnapshot) => {
        if (querySnapshot.empty) {
          console.log("no documents found");
        } else {
          querySnapshot.forEach(async (doc) => {
            let Teams = doc._data.Activity;
            console.log(Teams);
            updateActivity((arr) => [...arr, Teams]);
            console.log(Activity);

            firestore()
              .collection("membersList")
              .get()
              .then((documentSnapshot) => {
                console.log("User exists: ", documentSnapshot.exists);

                if (documentSnapshot.exists) {
                  console.log("User data: ", documentSnapshot.data());
                }
              });
          });
        }
      });
 };

I still have permission denied after writing these rules. Do you have any ideas?

This code:

firestore()
  .collection("membersList")
  .get()

This reads from a top-level collection called membersList, which doesn't exist in your rules. So the user doesn't have access to the data, and the read gets rejected. Even if the collection doesn't exist, the read gets rejected.

If you want to read from the membersList subcollection of the current team, that'd be:

doc
  .ref
  .collection("membersList")
  .get()
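
Why the top-level read has no rule to allow it while the subcollection read does, as an added example that is not part of the original answer and not Firebase's own code: a simplified JavaScript model of rules path matching over the match patterns from the question. The document IDs `t1` and `m1` are constructed, and rule conditions are not evaluated.

```javascript
// Simplified model of Firestore rules_version 2 path matching (not Firebase code).
// It answers only "which match blocks cover this document path?". Conditions such
// as request.auth != null are not evaluated here.

// Patterns from the rules in the question. The nested membersList block is left
// out because /Teams/{document=**} already covers every path below Teams.
const PATTERNS = [
  "/users/{userId}",
  "/Users/{document=**}",
  "/Teams/{document=**}",
  "/Teams/{userId}",
  "/Teams/memberLists/{document=**}",
];

function matches(pattern, path) {
  const pat = pattern.split("/").filter(Boolean);
  const seg = path.split("/").filter(Boolean);
  for (let i = 0; i < pat.length; i++) {
    // {name=**}: recursive wildcard, zero or more remaining segments.
    if (/^\{\w+=\*\*\}$/.test(pat[i])) return true;
    if (i >= seg.length) return false;
    // {name}: exactly one segment; anything else is a case-sensitive literal.
    if (!/^\{\w+\}$/.test(pat[i]) && pat[i] !== seg[i]) return false;
  }
  return pat.length === seg.length;
}

// An empty result means no allow statement can apply, so the request is denied.
function coveringRules(path) {
  return PATTERNS.filter((p) => matches(p, path));
}

// Constructed document IDs: t1 (a team), m1 (a member).
for (const path of ["/membersList/m1", "/Teams/t1/membersList/m1", "/Teams/t1"]) {
  const hits = coveringRules(path);
  console.log(path, "->", hits.length ? hits.join(", ") : "no match, denied by default");
}
```

A collection read such as `collection("membersList").get()` is checked against document paths of the form `/membersList/{id}`, which is why the first path stands in for it.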
