stackoom
  简体   繁体   中英

How to add firebase security rules for Flutter collection that hasn't been created yet

 原文  2022-02-08 01:08:38       firebase/ flutter/ google-cloud-firestore/ firebase-security

Question

I'm using Firebase Auth and Firestore Database. I'm trying to add security rules to Firebase Database that allow users to read, update, create and delete posts. When I test my rules in the Rules Playground access is denied so I know that I have not written the rules correctly. This is an image of the database prior to adding security rules.

在此处输入图像描述

Now that I have added the security rules the posts collection isn't created and I get error messages in the Rules Playground of:

> Simulated write denied 
> Simulated read denied

在此处输入图像描述

在此处输入图像描述

And I get console error of:

The following _CastError was thrown building CommunityPage(dirty, dependencies: [_InheritedProviderScope<UserProvider?>], state: _CommunityPageState#f5d54): type 'Null' is not a subtype of type 'String' in type cast

In the app all users should be able to create posts to add to their profile. When a user has a newly created account they do not have any posts that exist yet so I am trying to figure out how to include security rules that allow the page where posts will be displayed to appear even though it doesn't have any content when a new user is created. I have reviewed SO threads and Firebase documentation but since I am new to Flutter and Firebase I can't figure things out.

Any help would be greatly appreciated. Thank you.

1 answers

solution1
 2 ACCPTED  2022-02-08 08:28:55

We can see in the Rules Playground that:

  • The read and write rules that are denied use the isSignedIn() function which checks if the request.auth object is not null ;
  • But you don't simulate the user's authentication while using the Rules Playground: see the "Authenticated" switch above the "Run" button in the left pane of the Rules Playground

You should activate the authentication simulation in the Rules Playground for your isSignedIn() function to be evaluated to true .

Note that most probably the error shown in the right part of the Playground shows a message corresponding to this problem but we don't see it in your screenshot.

Update following your comment:

Note that request.resource shall only be used in a write rule (see the doc ): this probably explains the problem with the read rule (screenshot at the bottom in your question). You have to do:

allow read: if isSignedIn() && request.auth.uid == resource.data.uid

Note that the above rules means that there is a field named uid in the post document.

For the create rule error: are you sure you pass the user's uid as the value of the field named uid in the newly created document?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question My flutter iOS app hasn't been released yet. How can I know my firebase dynamic link works to open Appstore if the app isn't installed yet? How to add OR operator in Firebase Security Rules Firebase Security Rules to specific Collection? File stored in app document directory always exists although it hasn't been created (Flutter) Add collection on Firebase flutter Firebase Function Firebase Error: deadline-exceeded when it hasn't timed out yet Firebase rules -- can't access my collection How is not using Firebase Security Rules a security risk? How to add a subcollection in a users document that has been created in Firestore with flutter Firebase security rules (.read)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM