Firebase安全规则-无法使用get()获取资源

时间:2020-02-28 07:21:58

标签: firebase google-cloud-firestore firebase-security

我正在尝试使用get()在Firebase安全控制台中编写一条规则,但是无论如何我都无法获取资源数据...如果用户uid在document字段中,我希望文档及其子集合对用户可读,数组或映射。

我的收藏结构: / boards /(boardId)/ ...更多

(boardId)文档中的字段:

  • 名称:“板名”
  • ownerId:“ MYID12345”
  • guestsId(array):[“ MYID12345”]
  • guestsMap(地图):[MYID12345:是]

安全规则:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {   
    match /boards/{boardId=**} {
      // rules here
    }
  }
}

到目前为止,我已经尝试过:

allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap[request.auth.uid] == true;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap[true];

allow read: if get(/databases/$(database)/documents/boards/$(boardId)).request.data.guestsId[request.auth.uid];
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).request.data.guestsId;

allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId == request.auth.uid;
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId == "MYID12345";
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).resource.data.ownerId == request.auth.uid;
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).request.data.ownerId == request.auth.uid;

这些都不起作用,总能得到:

ERROR FirebaseError: Missing or insufficient permissions.

允许读取:如果为true,则使应用程序正常运行。 我坚持使用文档,但对我来说不起作用...

@update 

match /boards/{boardId=**} {
  allow read: if resource.data.ownerId == request.auth.uid;
}

也不能这样使用它,因为那样,每个子集合都在其文档中寻找ownerId字段,并且ownerId或朋友列表数组仅在董事会文档中。

@update

我试图这样做,但是没有帮助:

match /boards/{boardId} {
    allow read, write: if request.auth.uid in resource.data.guestsId  || request.auth.uid == resource.data.ownerId;
    allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));

    function passResource() {
        return request.auth.uid in resource.data.guestsId  || request.auth.uid == resource.data.ownerId;
    }

    match /categoryList/{categoryId} {
        allow read, write: if passResource();
    }

    ...
}

我在这里想念什么?

1 个答案:

答案 0 :(得分:0)

好的,我找到了一个可行的解决方案:

  match /databases/{database}/documents {  
    match /boards/{boardId} {
      allow read: if request.auth.uid in resource.data.guestsId  || request.auth.uid == resource.data.ownerId;
      allow write: if request.auth.uid == resource.data.ownerId;
      allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));

      function isAllowed() {
        return request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId || request.auth.uid == get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId;
      }
      match /categoryList/{category} {
        allow read, write: if isAllowed();

        match /taskList/{task} {
            allow read, write: if isAllowed();
        }
      }
      ...
  }

也很有趣,它不想这样工作:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {  
    match /boards/{boardId=**} {
      allow read, write: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId || request.auth.uid == get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId;
      allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));
    }
 }

因为:

Error: simulator.rules line [5], column [49]. Property guestsId is undefined on object.
相关问题
最新问题