我有以下 Firestore 规则,但它们不起作用。
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// This rule allows anyone with your Firestore database reference to view, edit,
// and delete all data in your Firestore database. It is useful for getting
// started, but it is configured to expire after 30 days because it
// leaves your app open to attackers. At that time, all client
// requests to your Firestore database will be denied.
//
// Make sure to write security rules for your app before that time, or else
// all client requests to your Firestore database will be denied until you Update
// your rules
match /{document=**} {
allow read, write: if request.time < timestamp.date(2023,10, 30);
}
match /requests/{item} {
allow update,write,create: if request.resource.data.commision > 0;
}
match /businesses/{business} {
// Allow the user to delete cities if their user document has the
// 'admin' field set to 'true'
allow delete: if get(/databases/$(database)/documents/requests/{requestId}).data.business_received != business
&& get(/databases/$(database)/documents/requests/{requestId}).data.business_send != business
}
}
}
在我的 flutter 应用程序中,我仍然可以添加具有负佣金值的新请求模型,并且即使有对该业务的请求,也可以删除业务模型。
我本以为规则会抛出错误,以便我可以将其显示给用户,但它更新数据库时忽略了这两条规则。
如文档中所述“在多个允许表达式匹配一个请求的情况下,如果任何一个条件为真,则允许访问”
与
match /{document=**} {
allow read, write: if request.time < timestamp.date(2023,10, 30);
}
您允许对数据库中的所有文档进行所有读写操作(直到 2023 年 10 月 30 日),因此您的其他规则不会被考虑在内。
删除它应该可以解决您的问题。