I am out of ideas. Hoping a fresh pair of eyes can help.
I have the following security rules:
```
service cloud.firestore {
  match /databases/{database}/documents {
    // Helpers are declared inside this match so that isAdmin() can use {database} in get().
    function isUser(request, userKey) {
      return request.auth.uid == userKey;
    }
    function isAuthorized(request) {
      return request.auth.uid != null;
    }
    function isAdmin(request) {
      // Firestore rules have no root.child(...).val() (that is Realtime Database syntax);
      // the equivalent lookup of users/{uid}.isAdmin is a get() on the document path.
      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isAdmin == true;
    }
    match /users/{uid} {
      // Note: these two rules let any signed-in user create or update their own
      // users/{uid} document, including the isAdmin field that isAdmin() trusts.
      allow create: if isAuthorized(request) || isAdmin(request);
      allow update: if isUser(request, uid) || isAdmin(request);
    }
    match /userReadable/{objectType}/{uid} {
      allow read: if isUser(request, uid) || isAdmin(request);
      allow write: if isAdmin(request);
    }
    match /userWriteable/{objectType}/{uid} {
      allow read: if isAdmin(request);
      allow write: if isUser(request, uid) || isAdmin(request);
    }
    match /userOwned/{objectType}/{uid} {
      allow read: if isUser(request, uid) || isAdmin(request);
      allow write: if isUser(request, uid) || isAdmin(request);
    }
  }
}
```
I set the document with the following code:
```java
import androidx.annotation.NonNull; // android.support.annotation.NonNull on older projects
import android.util.Log;

import com.google.android.gms.tasks.OnCompleteListener;
import com.google.android.gms.tasks.Task;
import com.google.firebase.FirebaseApiNotAvailableException;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.firestore.DocumentReference;
import com.google.firebase.firestore.FirebaseFirestore;
import com.google.firebase.firestore.SetOptions;

// getDB(), COLLECTION_USER_WRITABLE ("userWriteable"), OBJECT_PULSE_SAMPLE ("pulseSample"),
// PulseFirebaseModel, PulseModel, TAG, onSuccess() and onFailure(String) are members of the app.
private void savePulse(Object object) {
    FirebaseFirestore db = getDB();
    PulseFirebaseModel pulse = new PulseFirebaseModel((PulseModel) object);
    try {
        // Resulting path: userWriteable/pulseSample/<uid>/<auto-generated id>.
        // document() with no argument allocates a new document ID on the client.
        // The uid comes from FirebaseAuth (FirebaseApp has no getUid()); it is null when signed out.
        final DocumentReference doc = db.collection(COLLECTION_USER_WRITABLE)
                .document(OBJECT_PULSE_SAMPLE)
                .collection(FirebaseAuth.getInstance().getUid())
                .document();
        doc.set(pulse, SetOptions.merge())
                .addOnCompleteListener(new OnCompleteListener<Void>() {
                    @Override
                    public void onComplete(@NonNull Task<Void> task) {
                        if (task.isSuccessful()) {
                            Log.d(TAG, "Saved sample: " + doc.getId() + "\t" + doc.getPath());
                            onSuccess();
                        } else {
                            // task.getResult() throws on a failed task, so only the exception is reported.
                            onFailure("Could not save Ppg\t"
                                    + task.getException().getMessage()
                                    + "\ndoc Path:" + doc.getPath()
                                    + "\ndoc id: " + doc.getId());
                        }
                    }
                });
    } catch (FirebaseApiNotAvailableException e) {
        e.printStackTrace();
    }
}
```
I get the following permission-denied message:
PERMISSION_DENIED: Missing or insufficient permissions.
doc Path: userWriteable/pulseSample/xxxxx/Bba6pdgfMY98NmsAg1Hl
doc id: Bba6pdgfMY98NmsAg1Hl
This is the UID my Firebase app registered: Uid: xxxxx
/users/{uid}
matches perfectly, and I have not implemented the other 2 matches yet.
I have looked at this question, as well as this and this.
I am logged in and the request sends the correct request.auth.uid.
I simply cannot figure it out. Any help would be greatly appreciated.
Answer 0 (score: 1)
Because you write to an auto-generated document ID with document(), your rule needs a wildcard for the document ID at the end of the path:
```
match /userWriteable/{objectType}/{uid}/{docId} { // <== added /{docId}
  allow read: if isAdmin(request);
  allow write: if isUser(request, uid) || isAdmin(request);
}
```
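The answer's point, reproduced as an added example that is neither Firebase code nor part of the question or answer: a small model of how Firestore rules resolve `match` patterns against a document path, run over the exact path from the error message. The request object, the stand-in `isAdmin` flag (in place of the `users/{uid}.isAdmin` lookup the posted rules do) and the `someoneElse` uid are constructed for the demonstration; the matching semantics follow rules version 1, which rules without a `rules_version` line use.

```javascript
// Minimal model of Firestore security-rules path matching (rules version 1):
//   - a literal segment matches only itself,
//   - `{name}` binds exactly one path segment,
//   - `{name=**}` binds the remaining one or more segments (recursive wildcard),
//   - a pattern matches only if it consumes the whole path,
//   - a request is allowed if any matching block's allow expression is true,
//     and denied otherwise (Firestore denies by default).
function matchPath(pattern, path) {
  const pat = pattern.split('/').filter(Boolean);
  const segs = path.split('/').filter(Boolean);
  const vars = {};
  for (let i = 0; i < pat.length; i++) {
    if (i >= segs.length) return null;              // pattern longer than the path
    const recursive = pat[i].match(/^\{(\w+)=\*\*\}$/);
    if (recursive) {                                // consumes everything that is left
      vars[recursive[1]] = segs.slice(i).join('/');
      return vars;
    }
    const single = pat[i].match(/^\{(\w+)\}$/);
    if (single) vars[single[1]] = segs[i];
    else if (pat[i] !== segs[i]) return null;       // literal mismatch
  }
  return pat.length === segs.length ? vars : null;  // leftover segments: no match
}

// The question's `allow write` expression for userWriteable, over the bound wildcards.
// isAdmin stands in for the users/{uid}.isAdmin lookup the posted rules perform.
function allowWrite(vars, request, isAdmin) {
  return (request.auth !== null && request.auth.uid === vars.uid) || isAdmin;
}

// A write is allowed if any block matches the path and its allow expression holds.
function evaluateWrite(blocks, path, request, isAdmin = false) {
  return blocks.some((b) => {
    const vars = matchPath(b.pattern, path);
    return vars !== null && b.allowWrite(vars, request, isAdmin);
  });
}

// Constructed inputs: the path from the error message, with the question's
// placeholder uid "xxxxx" as the signed-in user.
const DOC_PATH = 'userWriteable/pulseSample/xxxxx/Bba6pdgfMY98NmsAg1Hl';
const REQUEST = { auth: { uid: 'xxxxx' } };

const asPosted = [{ pattern: '/userWriteable/{objectType}/{uid}', allowWrite }];
const fixed = [{ pattern: '/userWriteable/{objectType}/{uid}/{docId}', allowWrite }];
const recursive = [{ pattern: '/userWriteable/{objectType}/{uid}/{rest=**}', allowWrite }];

function demo() {
  const other = 'userWriteable/pulseSample/someoneElse/Bba6pdgfMY98NmsAg1Hl';
  const nested = 'userWriteable/pulseSample/xxxxx/Bba6pdgfMY98NmsAg1Hl/notes/n1';
  return {
    posted: evaluateWrite(asPosted, DOC_PATH, REQUEST),          // false: 3-segment pattern never covers a 4-segment path
    fixedOwn: evaluateWrite(fixed, DOC_PATH, REQUEST),           // true
    fixedOther: evaluateWrite(fixed, other, REQUEST),            // false: uid segment belongs to someone else
    fixedOtherAdmin: evaluateWrite(fixed, other, REQUEST, true), // true
    fixedNested: evaluateWrite(fixed, nested, REQUEST),          // false: {docId} is a single segment
    recursiveNested: evaluateWrite(recursive, nested, REQUEST),  // true: =** also covers subcollections
    anonymous: evaluateWrite(fixed, DOC_PATH, { auth: null }),   // false
  };
}

console.log(demo());
```

Two things worth keeping in mind from the run: a path that no `match` block covers is not a rules error, it is simply denied, which is why the symptom is a generic PERMISSION_DENIED rather than anything pointing at the rule; and `{docId}` versus `{rest=**}` is a real choice, since the recursive form also opens every subcollection under the user's documents to the same `allow write`.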