stackoom
  简体   繁体   中英

Firestore security rules missing permissions on create new document for new authenticated user

 原文  2022-02-25 05:07:03       firebase/ flutter/ google-cloud-firestore/ firebase-security

Question

I'm trying to setup a role-based Firestore security rules but I'm stuck with how to create a new document if the incoming data uid matches with the auth uid.

But where to define that incoming uid?

I have tried to initialize the user uid of the new user to my model like this code below but it still missing some permissions.

final personalInfoData = PersonalInfoModel(
   uid: auth.getUid(),
   name: name,
   age: int.parse(age),
);

Here is my code looks like

match /profile/{profileId}/{document=**}{
    allow read: if isSignedIn() && docIdEqualsAuthId(profileId);
    allow create: if isSignedIn() && incomingUidEqualsAuthId();
} 

function isSignedIn(){
    return request.auth != null;
}
    
function docIdEqualsAuthId(profileId){
    return profileId == request.auth.uid;
}

function incomingUidEqualsAuthId(){
    return request.resource.data.uid == request.auth.uid;
}

Here is my controller code:

String getUid() {
  return auth.currentUser!.uid;
}

final personalInfoData = PersonalInfoModel(
  name: name,
  age: int.parse(age),
);

DocumentReference profileCRef =
    firestore.collection("profile").doc(auth.getUid());

try {
  await profileCRef.set({'personalInfo': json}, SetOptions(merge: true));
} on Exception catch (e) {
  print(e);
}

The way I setup my controller is it will create a new document with a document Id of request.auth.uid of the new user.

I want rules to identify if the new user is authenticated and the incoming request to create a profile info must have a valid user id that matches with the auth uid.

If the document still not exists in the database then create a new document with an ID of the uid.

The error I'm getting is this

W/Firestore(14626): (24.0.1) [WriteStream]: (221034) Stream closed with status: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}.

W/Firestore(14626): (24.0.1) [Firestore]: Write failed at profile/N8CuobvPdHXr40KYgebw52SmOBp2: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}

1 answers

solution1
 1 ACCPTED  2022-02-25 05:38:11

The request.resource.data is the data that you are trying to add in the document. Currently uid is not a field in document but a property in personalInfo map. So you must specify path to the field that you are trying to read in security rules. The following should work:

function incomingUidEqualsAuthId(){
    return request.resource.data.personalInfo.uid == request.auth.uid;
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question firestore security rules - create new user and check if name is free Firestore security rules : searching for a user's id in array in a document Firestore: 'Missing or insufficient permissions' when using snapshot listener with complex security rules Create new firestore document with REST API Missing or insufficient permissions firestore database rules Use parent document of the collection in firestore Security Rules Firebase Firestore rules to overcome "Missing or insufficient permissions" when deleting the documents created by the user How do I write a cloud function which creates a user in the Firestore database once a new user gets authenticated? Firestore Security: How to create rules based on a changed property which identifiers a document Allow user to update his own document (but not the roles) using Firestore security rules
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM