时间戳

首页 > 解决方案 > Firestore 安全规则:“PERMISSION_DENIED:权限缺失或不足。”

firebase - Firestore 安全规则:“PERMISSION_DENIED:权限缺失或不足。”

问题描述

我的 Firestore 数据库有一些用户和一些foos。foo如果还没有其他人认领,则用户可以认领。他们通过在其中创建一个文档来/fooOwners/{fooId}声明这一点,该文档具有一个名为 的字段owner,该字段是对他们自己的用户文档的引用。

我想我已经在这些安全规则中捕捉到了这一点:

service cloud.firestore {
  match /databases/{database}/documents {

    // Users
    match /users/{userId} {
      // Omitted: the usual user rules.
    }

    // Foo ownership
    // Uniqueness of foo IDs is enforced by using them as document IDs.
    match /fooOwners/{fooId} {
      // Signed in users can claim a new foo.
      allow create: if request.auth.uid != null;

      // They can read ownership of their own foos, but they can't see who else owns which foos. We only list this using the Admin API from Cloud Functions.
      allow get: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);

      // They also can't change ownership directly, only by deleting and recreating.
      allow update: if false;

      // And they can only remove ownership of a foo they own themselves.
      allow delete: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
    }
  }
}

但是,在get()获取所有权文件时,我得到PERMISSION_DENIED

2018-12-03 21:38:20.197 8111-8111/cc.biketracker.android E/AndroidRuntime: FATAL EXCEPTION: main
    Process: cc.biketracker.android, PID: 8111
    com.google.android.gms.tasks.RuntimeExecutionException: com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.
        at com.google.android.gms.tasks.zzu.getResult(Unknown Source:15)
        at cc.biketracker.android.provisioning.ProvisioningActivity.lambda$onBonded$5(ProvisioningActivity.java:500)
        at cc.biketracker.android.provisioning.-$$Lambda$ProvisioningActivity$xeA3U7VpXb53FkiwAhKinRUnZbY.onComplete(Unknown Source:6)
        at com.google.android.gms.tasks.zzj.run(Unknown Source:4)
        at android.os.Handler.handleCallback(Handler.java:873)
        at android.os.Handler.dispatchMessage(Handler.java:99)
        at android.os.Looper.loop(Looper.java:193)
        at android.app.ActivityThread.main(ActivityThread.java:6680)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
     Caused by: com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.

我这样做:

        DocumentReference ownershipRef = FirebaseContext.getFooOwnerRef(selectedFooId);

        ownershipRef.get().addOnCompleteListener((task) -> {
            if (task.getResult() == null) {
                // This should never happen.
                Logg.e(TAG, "No foo ownership result.");
                return;
            }

            if (task.getResult().exists()) {
                // Check ownership is already ours.
            }
        }

/fooOwners/{fooId}如果我只是打开读取和写入设置为 true的文档,我不会收到此异常。

我的规则有什么问题?他们用模拟器测试OK。

标签: firebasegoogle-cloud-firestore

解决方案

这似乎已通过对get规则的以下更改得到解决:

allow get: if resource == null || resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);

我想当我最初get()的文件,在它存在之前,没有resource.data和没有resource.data.owner

推荐阅读