这是我的规则,适用于img目录:
match /img {
match /{fileId} {
allow read,
write: if request.resource.contentType.matches('image/jpeg')
|| request.resource.contentType.matches('image/png')
|| request.resource.contentType.matches('image/gif')
&& request.resource.size < 2 * 1024 * 1024
}
}
}
问题是这些规则也被应用于delete(),因为它也是一个write方法,所以它总是返回一个权限错误。我无法在文档中找到有关此内容的任何内容。如何推迟POST / PUT规则和DELETE规则?
答案 0 :(得分:22)
自己找到解决方案。通过在没有资源发送(删除)时允许应用规则,它也获得写入权限。其余的创建/更新代码将发送到OR表达式。
match /img {
match /{fileId} {
allow read,
write: if request.resource == null ||
(request.resource.contentType.matches('image/jpeg')
|| request.resource.contentType.matches('image/png')
|| request.resource.contentType.matches('image/gif')
&& request.resource.size < 2 * 1024 * 1024)
}
}
答案 1 :(得分:0)
这适用于那些希望特定用户创建和删除的人。
// Grants a user access to a node matching their user ID
service firebase.storage {
match /b/{bucket}/o {
// Allow write files to the path "images/*", subject to the constraints:
// 1) File is less than 10MB
// 2) Content type is an image or Content type is null for delete operation
match /user/{userId}/images/{allPaths=**} {
allow read: if resource.size < 10 * 1024 * 1024
&& request.auth != null;
allow write: if request.auth.uid == userId
&& (
request.resource == null
||
(
request.resource.contentType.matches('image/.*')
&& request.resource.size < 10 * 1024 * 1024
)
)
}
}
}