堆棧內存溢出
  簡體   English   中英

Firebase 權限被拒絕 Firebase 仿真器上的錯誤

[英]Firebase Permission denied Error on Firebase emulator

 原文  2020-05-24 10:24:29       javascript/ firebase/ google-cloud-firestore/ jestjs/ firebase-security

問題描述

我正在參考本教程以了解 Firestore 安全規則。 我已經從存儲庫中提取了代碼,它與視頻的代碼相匹配。 我更改了setup代碼以運行firestore.rules而不是firestore-test.rules ,並嘗試運行firebase emulators:startjest./spec遵循相同的目錄結構,我未能通過"should allow delete when user is admin"的測試"should allow delete when user is admin""should not allow delete for normal user"失敗的原因是通配符中的寫入規則。 有誰知道出了什么問題?

collections.spec.js

const { setup, teardown } = require("./helpers");


describe("General Safety Rules", () => {
  afterEach(async () => {
    await teardown();
  });

  test("should deny a read to the posts collection", async () => {
    const db = await setup();
    const postsRef = db.collection("posts");
    await expect(postsRef.get()).toDeny();
  });

  test("should deny a write to users even when logged in", async () => {
    const db = await setup({
      uid: "danefilled"
    });

    const usersRef = db.collection("users");
    await expect(usersRef.add({ data: "something" })).toDeny();
  });
});

describe("Posts Rules", () => {
  afterEach(async () => {
    await teardown();
  });

  test("should allow update when user owns post", async () => {
    const mockData = {
      "posts/id1": {
        userId: "danefilled"
      },
      "posts/id2": {
        userId: "not_filledstacks"
      }
    };

    const mockUser = {
      uid: "danefilled"
    };

    const db = await setup(mockUser, mockData);

    const postsRef = db.collection("posts");

    await expect(
      postsRef.doc("id1").update({ updated: "new_value" })
    ).toAllow();

    await expect(postsRef.doc("id2").update({ updated: "new_value" })).toDeny();
  });

  test("should allow delete when user owns post", async () => {
    const mockData = {
      "posts/id1": {
        userId: "danefilled"
      },
      "posts/id2": {
        userId: "not_filledstacks"
      }
    };

    const mockUser = {
      uid: "danefilled"
    };

    const db = await setup(mockUser, mockData);

    const postsRef = db.collection("posts");

    await expect(postsRef.doc("id1").delete()).toAllow();

    await expect(postsRef.doc("id2").delete()).toDeny();
  });

  test("should allow delete when user is admin", async () => {
    const mockData = {
      "users/filledstacks": {
        userRole: "Admin"
      },
      "posts/id1": {
        userId: "not_matching1"
      },
      "posts/id2": {
        userId: "not_matching2"
      }
    };

    const mockUser = {
      uid: "filledstacks"
    };

    const db = await setup(mockUser, mockData);

    const postsRef = db.collection("posts");

    await expect(postsRef.doc("id1").delete()).toAllow();
  });

  test("should not allow delete for normal user", async () => {
    const mockData = {
      "users/filledstacks": {
        userRole: "User"
      },
      "posts/id1": {
        userId: "not_matching1"
      },
      "posts/id2": {
        userId: "not_matching2"
      }
    };

    const mockUser = {
      uid: "filledstacks"
    };

    const db = await setup(mockUser, mockData);

    const postsRef = db.collection("posts");

    await expect(postsRef.doc("id1").delete()).toDeny();
  });

  test("should allow adding a post when logged in", async () => {
    const db = await setup({
      uid: "userId"
    });

    const postsRef = db.collection("posts");
    await expect(postsRef.add({ title: "new_post" })).toAllow();
  });

  test("should deny adding a post when not logged in", async () => {
    const db = await setup();
    const postsRef = db.collection("posts");
    await expect(postsRef.add({ title: "new post" })).toDeny();
  });
});

firestore.rules

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {



    // lock down the db
    match /{document=**} {
      allow read: if false;
      allow write: if false;
    }

    match /posts/{postId} {
      allow update: if userOwnsPost();
      allow delete: if userOwnsPost() || userIsAdmin();
      allow create: if loggedIn();
    }

    function loggedIn() {
      return request.auth.uid != null;
    }

    function userIsAdmin() {
      return getUserData().userRole == 'Admin';
    }

    function getUserData() {
      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data
    }

    function userOwnsPost() {
      return resource.data.userId == request.auth.uid;
    }
  }
}

來自終端的錯誤跟蹤

FirebaseError: 7 PERMISSION_DENIED: 
false for 'create' @ L10


  ● Posts Rules › should not allow delete for normal user

FirebaseError: 7 PERMISSION_DENIED: 
false for 'create' @ L10

  at new FirestoreError (/Users/../../../../../../../../../Resources/rules/node_modules/@firebase/firestore/src/util/error.ts:166:5)
  at ClientDuplexStream.<anonymous> (/Users/../../../../../../../../../Resources/rules/node_modules/@firebase/firestore/src/platform_node/grpc_connection.ts:240:13)
  at ClientDuplexStream._emitStatusIfDone (/Users/../../../../../../../../../Resources/rules/node_modules/grpc/src/client.js:234:12)
  at ClientDuplexStream._receiveStatus (/Users/../../../../../../../../../Resources/rules/node_modules/grpc/src/client.js:211:8)
  at Object.onReceiveStatus (/Users/../../../../../../../../../Resources/rules/node_modules/grpc/src/client_interceptors.js:1311:15)
  at InterceptingListener._callNext (/Users/../../../../../../../../../Resources/rules/node_modules/grpc/src/client_interceptors.js:568:42)
  at InterceptingListener.onReceiveStatus (/Users/../../../../../../../../../Resources/rules/node_modules/grpc/src/client_interceptors.js:618:8)
  at /Users/../../../../../../../../../Resources/rules/node_modules/grpc/src/client_interceptors.js:1127:18

2 個解決方案

解決方案1
 6  2020-06-03 11:23:51

我實際上是按照相同的教程開始使用 firebase 仿真器並得到相同類型的錯誤消息。 我的問題是,當您啟動模擬器時,它會自動查找您的firestore.rules文件並加載規則。 因此,當您添加mockData時,規則已經適用。

為了使您的測試代碼正常工作,請將firebase.json中的 Firestore 規則文件的設置更改為不存在的文件(或允許所有讀/寫的規則文件)或將mockData作為管理員添加到您的setup ZC1C4252648E78 ,例如:

module.exports.setup = async (auth, data) => {
  const projectId = `rules-spec-${Date.now()}`;
  const app = firebase.initializeTestApp({
    projectId,
    auth
  });

  const db = app.firestore();

  // Initialize admin app
  const adminApp = firebase.initializeAdminApp({
    projectId
  });

  const adminDB = adminApp.firestore();

  // Write mock documents before rules using adminApp
  if (data) {
    for (const key in data) {
      const ref = adminDB.doc(key);
      await ref.set(data[key]);
    }
  }

  // Apply rules
  await firebase.loadFirestoreRules({
    projectId,
    rules: fs.readFileSync('firestore.rules', 'utf8')
  });

  return db;
};

希望這可以幫助。

也看到這個問題

解決方案2
 0  2021-05-30 13:47:41

對於目前遇到此問題的用戶,firestore 8.6.1(或同等版本),這里討論了一個錯誤: https://github.com/firebase/firebase-tools/issues/3258#issuecomment-814402977

修復方法是降級到 firestore 8.3.1,或者如果您將來閱讀本文並且 firestore >= 9.9.0 已發布,請升級到該版本。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Firebase數據庫權限被拒絕錯誤 Firebase取消驗證-引發錯誤:permission_denied Firebase .push()引發&#39;permission_denied&#39;錯誤 Firebase數據庫如何捕獲權限被拒絕錯誤 登錄WithEmailAndPassword 時出現 Firebase Firestore 權限被拒絕錯誤 Firebase 9,混音:addDoc() 返回“PERMISSION DENIED”錯誤 Nuxtjs/Firebase 權限被拒絕 Firebase 拒絕許可 Firebase 權限被拒絕 在 firebase 中更改規則后 Firebase 權限被拒絕錯誤
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM