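I'm trying to configure my Firestore security rules so that all users can read data, but only logged-in users can post and delete their own posts. The delete functionality isn't working and produces the following error:
FirebaseError: Missing or insufficient permissions.
I have configured the security rules as follows: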
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents{
    match/gig-listing/{document = **} {
      allow write: if request.auth.token.admin ==true;
      allow delete: if isAuthenticated() && request.auth.uid == resource.data.userId;
      allow read;
    }
  }
}
function isAuthenticated(){
  return request.auth != null;
}
...and the component that controls deletion is as follows:
import React, {useState, useEffect} from 'react'
import Giglisting from './Giglisting'
import Button from "@material-ui/core/Button";
import { withStyles } from '@material-ui/core/styles';
import firebase from 'firebase'

const StyledButton = withStyles({
  root: {
    background: '#54ADA6',
    borderRadius: 3,
    border: 0,
    color: 'white',
    height: 30,
    padding: '0 30px',
    marginRight: '1px'
  },
  label: {
    textTransform: 'capitalize',
  },
})(Button);

const UniqueVenueListing = (props) => {
  const gigList = props.gigList
  const ref = firebase.firestore().collection('gig-listing')

  // Delete the document behind a listing; a rules denial is logged by the catch handler.
  const deleteGig = (gigs) => {
    ref
      .doc(gigs.id)
      .delete()
      .catch(err => {
        console.error(err)
      })
  }

  return(
    <div>
      {
        gigList.map(gigs => {
          let name = gigs.data().name
          let genre = gigs.data().genre
          let time = gigs.data().time
          let tickets = gigs.data().tickets
          let price = gigs.data().price
          // The document id gives each list item a stable React key.
          return <Giglisting
            key = {gigs.id}
            gigtitle = {name}
            genre = {genre}
            time = {time}
            buytickets = {tickets}
            price = {price}
            button = {<StyledButton onClick ={() => deleteGig(gigs)}>Delete Gig</StyledButton>}
          />
        })
      }
    </div>
  )
}

export default UniqueVenueListing
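I also tried allow delete: if request.auth.token.admin ==true; but no luck. Any suggestions?
Answer 0 (score: 0)
You can try the following security rules configuration to avoid any conflict with the write rule defined in the security rules configuration you shared. Note that by breaking the write rule down into its granular operations, you can isolate the delete rule and get the desired behavior. Find all the relevant information here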
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Matches any document in the 'gig-listing' collection or subcollections.
    match /gig-listing/{document=**} {
      // Allow everyone to read documents in the 'gig-listing' collection
      // or subcollections
      allow read;
      // Separating the write functionality as per granular operations
      // to isolate the delete command
      allow delete: if request.auth.uid == resource.data.userid;
      allow create, update: if request.auth.uid != null;
    }
  }
}
I found this other section of the documentation very useful for defining security rules and how to query data.
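
Added example, not part of the original question or answer: a tightened variant of the ruleset above in which create and update are bound to the owning user instead of to any signed-in user. It assumes every document stores its creator's uid in a field named userId (the spelling in the question's rule; field names are case sensitive, so it must match the stored data exactly) and that the client sets that field when creating a listing.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Helper functions are declared inside the service block so that
    // the match blocks below can call them.
    function isAuthenticated() {
      return request.auth != null;
    }

    // True when the caller's uid equals the owner recorded on the
    // stored document. 'userId' is an assumed field name.
    function isOwner() {
      return isAuthenticated() && request.auth.uid == resource.data.userId;
    }

    match /gig-listing/{document=**} {
      // Anyone may read listings.
      allow read;

      // A signed-in user may create a listing only under their own uid.
      allow create: if isAuthenticated()
                    && request.resource.data.userId == request.auth.uid;

      // Only the owner may update, and ownership cannot be reassigned.
      allow update: if isOwner()
                    && request.resource.data.userId == resource.data.userId;

      // Only the owner may delete.
      allow delete: if isOwner();
    }
  }
}
```

When several allow statements cover the same operation, Firestore grants the request if any one of their conditions is true, so each condition has to be safe on its own. A delete that is still denied under these rules usually means the user is not signed in or the stored document has no matching userId value.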