我有 Firestore 规则:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
function isAuthenticated() {
return request.auth.uid != null;
}
function ownsData(id) {
return request.auth.uid == id;
}
match /feedpoints/{fid} {
allow read: if request.auth != null;
}
match /feedpoints/{fid} {
allow write: if false;
}
match /profiles {
allow list: if false;
match /{pid} {
allow read: if isAuthenticated() && request.auth.uid == pid;
}
match /subscriptions {
allow list: if isAuthenticated();
match /{sid} {
allow read, write, list: if isAuthenticated() && ownsData(sid);
}
}
match /bookmarks {
allow list: if isAuthenticated();
match /{bid} {
allow read, write, list: if isAuthenticated() && ownsData(bid);
}
}
}
}
}
我想做的是能够列出
/profiles/{pid}/subscriptions[cloud_firestore/permission-denied] The caller does not have permission to execute the specified operation.
另一件事可能相关:
Listen for Query(target=Query(profiles/qguefZV3SjOpf1CGdIJrmufoUBPK/subscriptions order by __name__);limitType=LIMIT_TO_FIRST) failed: Status{code=PERMISSION_DENIED, description=No matching allow statements, cause=null}
我正在使用 Firebase 模拟器进行测试。
尽管明确将
allow list: if isAuthenticated()match /subscriptison根据文档,
嵌套match语句时,内层match语句的路径 始终相对于外部匹配语句的路径。
因此,订阅匹配语句应该位于
match /{pid}profiles 集合中的子集合。
match /{pid} {
allow read: if isAuthenticated() && request.auth.uid == pid;
match /subscriptions {
allow list: if isAuthenticated();
match /{sid} {
allow read, write, list: if isAuthenticated() && ownsData(sid);
}
}
}