firebase - Firestore 安全规则:“PERMISSION_DENIED:权限缺失或不足。”
问题描述
我的 Firestore 数据库有一些用户和一些foo
s。foo
如果还没有其他人认领,则用户可以认领。他们通过在其中创建一个文档来/fooOwners/{fooId}
声明这一点,该文档具有一个名为 的字段owner
,该字段是对他们自己的用户文档的引用。
我想我已经在这些安全规则中捕捉到了这一点:
service cloud.firestore {
match /databases/{database}/documents {
// Users
match /users/{userId} {
// Omitted: the usual user rules.
}
// Foo ownership
// Uniqueness of foo IDs is enforced by using them as document IDs.
match /fooOwners/{fooId} {
// Signed in users can claim a new foo.
allow create: if request.auth.uid != null;
// They can read ownership of their own foos, but they can't see who else owns which foos. We only list this using the Admin API from Cloud Functions.
allow get: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
// They also can't change ownership directly, only by deleting and recreating.
allow update: if false;
// And they can only remove ownership of a foo they own themselves.
allow delete: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
}
}
}
但是,在get()
获取所有权文件时,我得到PERMISSION_DENIED
:
2018-12-03 21:38:20.197 8111-8111/cc.biketracker.android E/AndroidRuntime: FATAL EXCEPTION: main
Process: cc.biketracker.android, PID: 8111
com.google.android.gms.tasks.RuntimeExecutionException: com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.
at com.google.android.gms.tasks.zzu.getResult(Unknown Source:15)
at cc.biketracker.android.provisioning.ProvisioningActivity.lambda$onBonded$5(ProvisioningActivity.java:500)
at cc.biketracker.android.provisioning.-$$Lambda$ProvisioningActivity$xeA3U7VpXb53FkiwAhKinRUnZbY.onComplete(Unknown Source:6)
at com.google.android.gms.tasks.zzj.run(Unknown Source:4)
at android.os.Handler.handleCallback(Handler.java:873)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6680)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
Caused by: com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.
我这样做:
DocumentReference ownershipRef = FirebaseContext.getFooOwnerRef(selectedFooId);
ownershipRef.get().addOnCompleteListener((task) -> {
if (task.getResult() == null) {
// This should never happen.
Logg.e(TAG, "No foo ownership result.");
return;
}
if (task.getResult().exists()) {
// Check ownership is already ours.
}
}
/fooOwners/{fooId}
如果我只是打开读取和写入设置为 true的文档,我不会收到此异常。
我的规则有什么问题?他们用模拟器测试OK。
解决方案
这似乎已通过对get
规则的以下更改得到解决:
allow get: if resource == null || resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
我想当我最初get()
的文件,在它存在之前,没有resource.data
和没有resource.data.owner
。
推荐阅读
- bash - 为什么当通过管道传输到其他命令时 docker 伪 tty 会破坏输出?
- dart - 如何在文本下添加按钮
- excel - ALV 网格仅加载前 64 行,如何更改默认加载
- google-maps - Clojurescript - 无法限制到 Google Places Autocomplete API 中的城市
- machine-learning - 如何训练用于提取值的对话流可能不会被空间分割
- azure - 此版本的 SQL Server 不支持“CREATE CREDENTIAL”
- java - 在java流中使用return语句
- java - Intellij 不询问 Git 凭据,但在身份验证期间失败
- javascript - 如何在 React.js 中使用 componentWillUnmount 删除 setInterval
- odoo - 重叠的 Odoo 时间表