无论我用什么来执行get()请求,当使用作为“成员”的userID登录时,都会获得Missing or insufficent permissions:
function isSelf(userID) {
return request.auth != null && request.auth.uid != null && request.auth.uid == userID
}
function isMember(userID) {
return request.auth != null && request.auth.uid != null && get(/databases/$(database)/documents/'members'/$(request.auth.uid)).data.parent == userID
}
match /templates/{userID} {
allow read, write: if false
match /templates/{templateID} {
allow read: if isSelf(userID) || isMember(userID)
allow write: if isSelf(userID)
allow delete: if false
}
allow read: if isSelf(userID) || isMember(userID)
allow write: if isSelf(userID)
}
尝试将get()与.data.parent和.parent一起使用成员文档如下所示:
{
parent: 'USER_ID_OF_PARENT'
}
从客户端应用发出的呼叫是:
export const getTemplate = async ({ userID, form }) => {
db.collection('templates').doc(userID).collection('templates').doc(form).get()
.then((doc) => {
})
.catch((err) => {
console.error(err)
})
}
数据库结构为:
/users/{userID} parent字段的字符串值为SOME_USER_ID,与用户ID为{ SOME_USER_ID中的{1}} 示例:
/users/{userID}文档:
/members/'MEMBER_1' {
name: 'Member 1',
parent: 'OWNING_USER_1'
}
文档:
/users/'OWNING_USER_1' {
name: 'Owning User 1',
parent: 'OWNING_USER_1'
}
文档:
/templates/'OWNING_USER_1' {
// no fields
}
文档:
/templates/'OWNING_USER_1'/templates/'FORM_1'通过以下呼叫:
{
name: 'Form 1'
}
getTemplate({
userID: 'OWNING_USER_1',
form: 'FORM_1'
})
规则返回true),并且返回找到的模板文档isSelf()(Missing or insufficient permissions规则返回false)答案 0 :(得分:1)
删除了“成员”周围的引号,现在可以正常使用了:
已替换:
function removeItem(arr, i) {
arr.splice(i, 1);
}
var animals = ["cat", "dog", 2, 11, "bird", 13];
var i;
for (i = animals.length - 1; i >= 0; --i) {
if (!isNaN(animals[i])) {
removeItem(animals, i);
}
}
console.log(animals);
具有:
get(/databases/$(database)/documents/'members'/$(request.auth.uid)).data.parent