stackoom
  简体   繁体   中英

Firebase GET request blocked by simple firebase rules

 原文  2022-09-10 19:18:29       javascript/ google-cloud-firestore/ firebase-security

Question

I have the following collection group query:

const userInRooms = await firestore()
        .collectionGroup('userRooms')
        .where('uid', '==', authenticatedUser.uid)
        .get();

And it works fine. But since I added security rule:

match /rooms/{docId} {
      allow read;
      allow write;
      match /userRooms/{docId} {
        allow read;
        allow write;
      }
    }

userRooms is subcollection in rooms .
It stopped working and I getting:

NativeFirebaseError: [firestore/permission-denied] The caller does not have permission to execute the specified operation.

1 answers

solution1
 2 ACCPTED  2022-09-10 19:24:47

Cascading the sub-collections rules that way doesn't work for collection group queries . A recursive wildcard must be present at the beginning of the path so it'll match any collections with that name. Try:

match /rooms/{docId} {
  //...
}

match /{path=**}/userRooms/{docId} {
  allow read, write: if true;
}

Do change the rules as required instead of allowing everyone to read the database (unless they are allowed to).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Cors Request Blocked Firebase Functions Firebase Google Authentication Says: Access blocked: This app’s request is invalid Firebase Firestore Rules Subcollections How to fix firebase storage rules failing client side request How do I get the correct condition in Firebase Rules? Firebase realtime database rules Firebase Rules wildcard Key Having trouble with firebase rules How to set rules to users in firebase? Firebase Storage Emulator rules not working
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM