我有一个这样的火店:
:stores
|
$Store
:orders
|
$Order
:items
我想使用与 request.auth.uid 相同的 workerUid 的用户从我的数据库中读取订单但是错误:缺少或不足权限。
我的火力计规则的重要部分:
service cloud.firestore {
match /databases/{database}/documents {
//Matches any document in the stores collection
match /stores/{store} {
function isStoreAdmin(uid) {
return get(/databases/stores/$(store)).data.adminUid == uid;
}
function isStoreWorker(uid) {
return get(/databases/stores/$(store)).data.workerUid == uid;
}
allow read: if request.auth.uid != null;
allow write: if request.auth.uid == resource.data.adminUid;
//Matches any document in the orders collection
match /orders/{document=**} {
allow read, write: if isStoreAdmin(request.auth.uid) || isStoreWorker(request.auth.uid);
}
}
}
}
有趣的是,如果我这样做,它会起作用:
match /orders/{document=**} {
allow read, write: if isStoreWorker(request.auth.uid);
}
或者这个:
match /orders/{document=**} {
allow read, write: if request.aut.uid != null;
}
在部署规则时,我没有语法错误,所以我真的不明白为什么这不起作用。有没有人有任何想法?非常感谢你!
修改
function readAllDocuments(collectionReference, callback,finishedCallback){
collectionReference.get().then(function(querySnapshot) {
querySnapshot.forEach(function(doc) {
callback(doc.id,doc.data());
});
finishedCallback();
});
}
const storeDocument = getRootCollection(STORES_COLLECTION_ID).doc(storeId);
const orderCollection = storeDocument.collection(STOREORDERS_COLLECTION_ID);
orders=new Map();
readAllDocuments(orderCollection, function (id, data) {
orders.set(id,data);
},function(){
finishedLoading();
});
答案 0 :(得分:2)
安全规则中使用get()的文档声明:
...提供的路径必须以
开头/databases/$(database)/documents
对get()路径进行以下更改:
function isStoreAdmin(uid) {
return get(/databases/$(database)/documents/stores/$(store)).data.adminUid == uid;
}
function isStoreWorker(uid) {
return get(/databases/$(database)/documents/stores/$(store)).data.workerUid == uid;
}