FireStore:获得匹配时权限被拒绝

问题描述 投票:0回答:1

我有下一个firestore规则:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{usuarios=**} {
        allow write: if get(/usuarios/$(request.auth.uid)).data.level == 0 || get(/usuarios/$(request.auth.uid)).level == 0;
    }
  }
}

当我尝试这个查询时,我得到“许可被拒绝”:

firebase.firestore().collection('usuarios').doc(uid).set({...});

这实际上是我的数据库:

enter image description here

pd:我想在我的数据库中添加有关新用户的信息(通过他的UID)

firebase firebase-security google-cloud-firestore
1个回答
2
投票

由于你按照get的要求付费,这将是非常昂贵和低效的。相反,您应该编写规则,就像定义数据库的结构一样。这就是我的意思:

service cloud.firestore {
  match /databases/{database}/documents {
    match /usuarios/{uid} {
      // Give write access to any field within the document who's id is the uid
      // Add other validation as needed.
      allow write: if uid == request.auth.uid
          // Give admin access to anyone who's `level == 0`
          // Make sure to add the `databases...` boilerplate
          || get(/databases/$(database)/documents/usuarios/$(request.auth.uid)).data.level == 0;

      // If necessary, give access to sub-collections.
      // (We can't do it for uid or it will become a path object that we can't use as a string.)
      /{sub=**} {
        allow write: if uid == request.auth.uid;
      }
    }
  }
}

如果您希望看到完全刷新的规则正在做一些非常相似的事情,我有一个open source exemple。干杯!

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.