管理员安全规则不断被阻止

时间:2019-05-06 14:00:30

标签: angular firebase angular6 firebase-security-rules

我正在尝试为Firebase编写安全规则。我在检查用户是否为管理员方面一直遇到问题。

用户只能访问自己的数据,管理员可以删除用户及其注释和联系人。

match /users/{userId} {
  allow read: if isSignedIn();
  allow update: if request.auth.uid == userId || isAppAdmin() || isOrganisationAdmin();
  allow create, delete: if isAppAdmin() || isOrganisationAdmin();
}

match /contacts/{contactId} {
  allow read: if isSignedIn();
  allow create: if isSignedIn() && incomingData().uid == request.auth.uid;
  allow delete: if existingData().uid == request.auth.uid || isAppAdmin() ||
    getOrganisationData(getUserData().organisationId).adminId == request.auth.uid;
  allow update: if isSignedIn() && existingData().uid == request.auth.uid;
}

match /notes/{noteId} {
  allow read: if isSignedIn();
  allow create: if isSignedIn() && incomingData().uid == request.auth.uid;
  allow delete: if existingData().uid == request.auth.uid || isAppAdmin() ||
    getOrganisationData(getUserData().organisationId).adminId == request.auth.uid;
  allow update: if isSignedIn() && existingData().uid == request.auth.uid;
}

// Functions //
  function isSignedIn() {
  	return request.auth != null;
  }
  
  function isOrganisationAdmin() {
   return getOrganisationData(getUserData().organisationId).adminId ==       request.auth.uid;
  }
  
  function isAppAdmin() {
  	return request.auth.token.email == 'travelnoteshh@gmail.com';
  }
  
  function getUserData() {
  	return get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
  }
  
  function getOrganisationData(organisationId) {
  	return get(/databases/$(database)/documents/organisations/$(organisationId)).data;
  }

我已经相信isOrganisationAdmin()函数存在问题,因为isAppAdmin()函数确实起作用。谁能帮忙吗?

0 个答案:

没有答案
相关问题
最新问题