Firestore安全规则:“ PERMISSION_DENIED:缺少权限或权限不足。”

时间:2018-12-04 09:37:08

标签: firebase google-cloud-firestore

我的Firestore数据库有一些用户和一些foo。如果尚未有人声明foo,则用户可以声明。他们在/fooOwners/{fooId}创建一个文档,该文档具有一个名为owner的字段,该字段引用了自己的用户文档。

我认为我已经在以下安全规则中捕获了这一点:

service cloud.firestore {
  match /databases/{database}/documents {

    // Users
    match /users/{userId} {
      // Omitted: the usual user rules.
    }

    // Foo ownership
    // Uniqueness of foo IDs is enforced by using them as document IDs.
    match /fooOwners/{fooId} {
      // Signed in users can claim a new foo.
      allow create: if request.auth.uid != null;

      // They can read ownership of their own foos, but they can't see who else owns which foos. We only list this using the Admin API from Cloud Functions.
      allow get: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);

      // They also can't change ownership directly, only by deleting and recreating.
      allow update: if false;

      // And they can only remove ownership of a foo they own themselves.
      allow delete: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
    }
  }
}

但是,get()拥有所有权的文档时,我得到了PERMISSION_DENIED

2018-12-03 21:38:20.197 8111-8111/cc.biketracker.android E/AndroidRuntime: FATAL EXCEPTION: main
    Process: cc.biketracker.android, PID: 8111
    com.google.android.gms.tasks.RuntimeExecutionException: com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.
        at com.google.android.gms.tasks.zzu.getResult(Unknown Source:15)
        at cc.biketracker.android.provisioning.ProvisioningActivity.lambda$onBonded$5(ProvisioningActivity.java:500)
        at cc.biketracker.android.provisioning.-$$Lambda$ProvisioningActivity$xeA3U7VpXb53FkiwAhKinRUnZbY.onComplete(Unknown Source:6)
        at com.google.android.gms.tasks.zzj.run(Unknown Source:4)
        at android.os.Handler.handleCallback(Handler.java:873)
        at android.os.Handler.dispatchMessage(Handler.java:99)
        at android.os.Looper.loop(Looper.java:193)
        at android.app.ActivityThread.main(ActivityThread.java:6680)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
     Caused by: com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.

我这样做是这样的:

        DocumentReference ownershipRef = FirebaseContext.getFooOwnerRef(selectedFooId);

        ownershipRef.get().addOnCompleteListener((task) -> {
            if (task.getResult() == null) {
                // This should never happen.
                Logg.e(TAG, "No foo ownership result.");
                return;
            }

            if (task.getResult().exists()) {
                // Check ownership is already ours.
            }
        }

如果我只是打开/fooOwners/{fooId}文档,且其读写设置为true,则不会出现此异常。

我的规则出了什么问题?他们使用模拟器测试了OK。

1 个答案:

答案 0 :(得分:0)

以下对get规则的更改似乎已解决了该问题:

allow get: if resource == null || resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);

我想当我最初get()该文档存在之前,没有resource.data也没有resource.data.owner

相关问题
最新问题