Javascript Firebase安全规则-删除规则不起作用
我正在尝试配置firestore安全规则,以便所有用户都可以读取数据,但只有登录的用户才能发表文章和删除自己的文章。删除功能不起作用,并产生以下错误: FirebaseError:缺少或权限不足 我已按如下方式配置了安全规则:Javascript Firebase安全规则-删除规则不起作用,javascript,firebase,google-cloud-firestore,firebase-security,Javascript,Firebase,Google Cloud Firestore,Firebase Security,我正在尝试配置firestore安全规则,以便所有用户都可以读取数据,但只有登录的用户才能发表文章和删除自己的文章。删除功能不起作用,并产生以下错误: FirebaseError:缺少或权限不足 我已按如下方式配置了安全规则: rules_version = '2'; service cloud.firestore { match /databases/{database}/documents{ match/gig-listing/{document = **} { allow
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents{
match/gig-listing/{document = **} {
allow write: if request.auth.token.admin ==true;
allow delete: if isAuthenticated() && request.auth.uid == resource.data.userId;
allow read;
}
}
}
function isAuthenticated(){
return request.auth != null;
}
import React, {useState, useEffect} from 'react'
import Giglisting from './Giglisting'
import Button from "@material-ui/core/Button";
import { withStyles } from '@material-ui/core/styles';
import firebase from 'firebase'
const StyledButton = withStyles({
root: {
background: '#54ADA6',
borderRadius: 3,
border: 0,
color: 'white',
height: 30,
padding: '0 30px',
marginRight: '1px'
},
label: {
textTransform: 'capitalize',
},
})(Button);
const UniqueVenueListing = (props) => {
const gigList = props.gigList
const ref = firebase.firestore().collection('gig-listing')
const deleteGig = (gigs) => {
ref
.doc(gigs.id)
.delete()
.catch(err => {
console.error(err)
})
}
return(
<div>
{
gigList.map(gigs => {
let name = gigs.data().name
let genre = gigs.data().genre
let time = gigs.data().time
let tickets = gigs.data().tickets
let price = gigs.data().price
return <Giglisting
gigtitle = {name}
genre = {genre}
time = {time}
buytickets = {tickets}
price = {price}
button = {<StyledButton onClick ={() => deleteGig(gigs)}>Delete Gig</StyledButton>}
/>
})
}
</div>
)
}
export default UniqueVenueListing
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents{
match/gig-listing/{document = **} {
allow write: if request.auth.token.admin ==true;
allow delete: if isAuthenticated() && request.auth.uid == resource.data.userId;
allow read;
}
}
}
function isAuthenticated(){
return request.auth != null;
}
import React, {useState, useEffect} from 'react'
import Giglisting from './Giglisting'
import Button from "@material-ui/core/Button";
import { withStyles } from '@material-ui/core/styles';
import firebase from 'firebase'
const StyledButton = withStyles({
root: {
background: '#54ADA6',
borderRadius: 3,
border: 0,
color: 'white',
height: 30,
padding: '0 30px',
marginRight: '1px'
},
label: {
textTransform: 'capitalize',
},
})(Button);
const UniqueVenueListing = (props) => {
const gigList = props.gigList
const ref = firebase.firestore().collection('gig-listing')
const deleteGig = (gigs) => {
ref
.doc(gigs.id)
.delete()
.catch(err => {
console.error(err)
})
}
return(
<div>
{
gigList.map(gigs => {
let name = gigs.data().name
let genre = gigs.data().genre
let time = gigs.data().time
let tickets = gigs.data().tickets
let price = gigs.data().price
return <Giglisting
gigtitle = {name}
genre = {genre}
time = {time}
buytickets = {tickets}
price = {price}
button = {<StyledButton onClick ={() => deleteGig(gigs)}>Delete Gig</StyledButton>}
/>
})
}
</div>
)
}
export default UniqueVenueListing
import React,{useState,useffect}来自“React”
从“/Giglisting”导入Giglisting
从“@物料界面/核心/按钮”导入按钮;
从“@material ui/core/styles”导入{withStyles}”;
从“firebase”导入firebase
const StyledButton=带有样式({
根目录:{
背景:“#54ADA6”,
边界半径:3,
边界:0,
颜色:'白色',
身高:30,
填充:“0 30px”,
marginRight:“1px”
},
标签:{
textTransform:'大写',
},
})(按钮);
const UniqueVenueListing=(道具)=>{
const gigList=props.gigList
const ref=firebase.firestore().collection('gig-listing')
常量deleteGig=(gigs)=>{
裁判
.doc(gigs.id)
1.删除()
.catch(错误=>{
控制台错误(err)
})
}
返回(
{
gigList.map(gigs=>{
让name=gigs.data().name
让genre=gigs.data().genre
让时间=gigs.data().time
let tickets=gigs.data().tickets
let price=gigs.data().price
返回Delete Gig}
/>
})
}
)
}
导出默认UniqueVenueListing
我还尝试了
允许删除:if request.auth.token.admin==true,没有运气。有什么建议吗?您可以尝试以下安全规则配置,以避免与您在共享的安全规则配置中定义的写入规则发生冲突。请注意,通过粒度操作破坏write
规则,可以隔离delete
规则并获得所需的行为。查找所有相关信息
我发现其中的一个文档对于定义安全规则以及如何查询数据非常有用。您的规则取决于现有文档的内容,而我们看不到这些内容。请编辑问题以显示所有涉及的数据,包括您从代码中记录的uid,以及您试图删除的文档的userId
字段。问题中应该有足够的信息,以便我们能够重现这种行为。