I'm using Firebase Auth and Firestore Database. I'm trying to add security rules to Firebase Database that allow users to read, update, create and delete posts. When I test my rules in the Rules Playground access is denied so I know that I have not written the rules correctly. This is an image of the database prior to adding security rules.
Now that I have added the security rules the posts collection isn't created and I get error messages in the Rules Playground of:
> Simulated write denied
> Simulated read denied
And I get console error of:
The following _CastError was thrown building CommunityPage(dirty, dependencies: [_InheritedProviderScope<UserProvider?>], state: _CommunityPageState#f5d54): type 'Null' is not a subtype of type 'String' in type cast
In the app all users should be able to create posts to add to their profile. When a user has a newly created account they do not have any posts that exist yet so I am trying to figure out how to include security rules that allow the page where posts will be displayed to appear even though it doesn't have any content when a new user is created. I have reviewed SO threads and Firebase documentation but since I am new to Flutter and Firebase I can't figure things out.
Any help would be greatly appreciated. Thank you.
We can see in the Rules Playground that:
read
and write
rules that are denied use the isSignedIn()
function which checks if the request.auth
object is not null
;You should activate the authentication simulation in the Rules Playground for your isSignedIn()
function to be evaluated to true
.
Note that most probably the error shown in the right part of the Playground shows a message corresponding to this problem but we don't see it in your screenshot.
Update following your comment:
Note that request.resource
shall only be used in a write
rule (see the doc ): this probably explains the problem with the read
rule (screenshot at the bottom in your question). You have to do:
allow read: if isSignedIn() && request.auth.uid == resource.data.uid
Note that the above rules means that there is a field named uid
in the post
document.
For the create
rule error: are you sure you pass the user's uid as the value of the field named uid
in the newly created document?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.