Firebase安全规则-can';无法使用get()获取资源
我正试图用get()在firebase安全控制台中编写一个规则,但无论如何都无法获取资源数据。。。如果用户uid位于文档字段、数组或映射中,我希望用户能够读取文档及其子集合 我的收藏结构: /boards/(boardId)/…更多 (boardId)文档中的字段:Firebase安全规则-can';无法使用get()获取资源,firebase,google-cloud-firestore,firebase-security,Firebase,Google Cloud Firestore,Firebase Security,我正试图用get()在firebase安全控制台中编写一个规则,但无论如何都无法获取资源数据。。。如果用户uid位于文档字段、数组或映射中,我希望用户能够读取文档及其子集合 我的收藏结构: /boards/(boardId)/…更多 (boardId)文档中的字段: 名称:“董事会名称” 所有者ID:“MYID12345” guestsId(数组):[“MYID12345”] guestsMap(地图):[MYID12345:true] 安全规则: rules_version = '2';
- 名称:“董事会名称”
- 所有者ID:“MYID12345”
- guestsId(数组):[“MYID12345”]
- guestsMap(地图):[MYID12345:true]
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /boards/{boardId=**} {
// rules here
}
}
}
到目前为止,我所尝试的:
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap[request.auth.uid] == true;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap[true];
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).request.data.guestsId[request.auth.uid];
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).request.data.guestsId;
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId == request.auth.uid;
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId == "MYID12345";
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).resource.data.ownerId == request.auth.uid;
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).request.data.ownerId == request.auth.uid;
这些都不起作用,总是得到:
ERROR FirebaseError: Missing or insufficient permissions.
允许读取:如果为true,则使应用程序正常运行。
我坚持文档,但它对我不起作用
@更新
match /boards/{boardId=**} {
allow read: if resource.data.ownerId == request.auth.uid;
}
也不能这样使用它,因为每个子集合都在其文档中查找ownerId字段,而ownerId或朋友列表数组仅在board文档中
@更新
match /boards/{boardId=**} {
allow read: if resource.data.ownerId == request.auth.uid;
}
我试着这样做,但没用:
match /boards/{boardId} {
allow read, write: if request.auth.uid in resource.data.guestsId || request.auth.uid == resource.data.ownerId;
allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));
function passResource() {
return request.auth.uid in resource.data.guestsId || request.auth.uid == resource.data.ownerId;
}
match /categoryList/{categoryId} {
allow read, write: if passResource();
}
...
}
我在这里遗漏了什么?好的,我找到了一个有效的解决方案:
match /databases/{database}/documents {
match /boards/{boardId} {
allow read: if request.auth.uid in resource.data.guestsId || request.auth.uid == resource.data.ownerId;
allow write: if request.auth.uid == resource.data.ownerId;
allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));
function isAllowed() {
return request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId || request.auth.uid == get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId;
}
match /categoryList/{category} {
allow read, write: if isAllowed();
match /taskList/{task} {
allow read, write: if isAllowed();
}
}
...
}
同样有趣的是,它不想这样工作:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /boards/{boardId=**} {
allow read, write: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId || request.auth.uid == get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId;
allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));
}
}
因为:
Error: simulator.rules line [5], column [49]. Property guestsId is undefined on object.
我猜问题是$(boardId)由于使用了通配符而获取子集合名称。