[英]Firestore Security Rule: Allow read only for Author rule not working
我正在尝试使用availability
状态来保护我的文档,该状态可以是public
或private
。 每个人都可以阅读public
文档,而创建文档的用户可以阅读private
文档(意味着creatorUid
设置为用户的 uid)。
这些是我的规则:
match /Routines/{document} {
allow read: if resource.data.availability == "public" || (resource.data.availability == "private" && resource.data.creatorUid == request.auth.uid);
allow write: if true;
}
我创建了一些测试来查看我的规则是否有效:
describe.only("Routine Routine Rules", () => {
const userAuthA = { uid: "user123", email: "userA@test.com" };
const demoRoutinePrivate = {
id: "DemoRoutine",
title: "Demo Routine",
availability: "private",
creatorUid: userAuthA.uid,
exercises: []
}
it("Authors can read private routines", async () => {
const admin = getAdminFirestore();
await admin.collection("Routines").doc(demoRoutinePrivate.id).set(demoRoutinePrivate);
const db1 = getAuthedFirestore(userAuthA);
const routines1 = db1.collection("Routines").where("creatorUid", "==", userAuthA.uid);
const routine1 = db1.collection("Routines").doc(demoRoutinePrivate.id);
await firebase.assertSucceeds(routines1.get());
await firebase.assertSucceeds(routine1.get());
});
});
但是,我收到此错误:
FirebaseError:
Property availability is undefined on object. for 'list' @ L33
我很确定我的文档设置了availabilty
属性,所以我不明白这个错误。
我想到了。 我的查询有误。
const routines1 = db1.collection("Routines").where("creatorUid", "==", userAuthA.uid);
正确的查询是:
const routines1 = db1.collection("Routines").where("availability", "==", "private").where("creatorUid", "==", userAuthA.uid);
虽然最初的错误信息不是很有帮助......
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.