【问题标题】:Which firestore rule to show all documents with my uid in flutter?哪个firestore规则可以显示所有带有我的uid的文档?
【发布时间】:2020-11-16 12:02:49
【问题描述】:

我正在构建一个将数据保存在 Cloud Firestore 中的应用程序。

在 firestore 中有一个名为 projects 的集合,我在其中保存了一个带有 userIDs 的数组。 在我的应用程序中,我想使用我的userID 显示和编辑所有项目。

你能给我一个提供这种条件的规则吗?

我测试了一些在 firebase 的测试环境中有效但在我的应用程序中无效的规则。 我总是遇到权限问题。

如果您需要更多信息,请询问。

我的规则:

service cloud.firestore {
   match /databases/{database}/documents {


      match /projects/{projectsId} {
         allow create: if request.auth != null;
         allow read, update, delete, write: if request.auth.uid in        get(/databases/$(database)/documents/projects/$(projectsId)).data.member
         }

      match /user/{userId} {
         allow create, read: if request.auth != null;
        }
  }

 }

member 是每个项目中的一个数组。

我的代码(流):

  //get projects stream
  Stream<List<Project>> get projects {
    return projectCollection.snapshots().map(_projectListFromSnapshot);
  }


  
 //Project list from snapshot
  List<Project> _projectListFromSnapshot(QuerySnapshot snapshot) {
    return snapshot.docs.map((doc) {
      return Project(
        name: doc.data()['name'] ?? '',
        subject: doc.data()['subject'] ?? '',
        member: doc.data()['member'] ?? '',
        date: doc.data()['date'].toDate() ?? '',
        projectID: doc.id,
        open: doc.data()['open'] ?? '',
      );
    }).toList();
  }

使用StreamProvider,我用List&lt;Project&gt; 中的每个对象构建一个ListView

【问题讨论】:

标签: firebase flutter google-cloud-firestore firebase-security


【解决方案1】:
 service cloud.firestore {
  match /databases/{database}/documents {


    match /projects/{document} {
      allow read, write, delete: if request.auth != null && request.auth.uid in resource.data.member
      }
    
    match /user/{userId} {
      allow create, read: if request.auth != null;
    }
  }
    
}

在测试环境中工作。

在 Android Studio (Flutter) 中我收到一个错误:

════════ Exception caught by provider ══════════════════════════════════════════════════════════════
The following assertion was thrown:
An exception was throw by _MapStream<QuerySnapshot, List<Project>> listened by

StreamProvider<List<Project>>, but no `catchError` was provided.

Exception:
[cloud_firestore/permission-denied] The caller does not have permission to execute the specified operation.

════════════════════════════════════════════════════════════════════════════════════════════════════
Reloaded 0 of 643 libraries in 649ms.
W/Firestore( 4590): (22.0.0) [Firestore]: Listen for Query(target=Query(projects order by __name__);limitType=LIMIT_TO_FIRST) failed: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}

══╡ EXCEPTION CAUGHT BY PROVIDER ╞══════════════════════════════════════════════════════════════════
The following assertion was thrown:
An exception was throw by _MapStream<QuerySnapshot, List<Project>> listened by
StreamProvider<List<Project>>, but no `catchError` was provided.

Exception:
[cloud_firestore/permission-denied] The caller does not have permission to execute the specified
operation.

════════════════════════════════════════════════════════════════════════════════════════════════════

【讨论】:

    【解决方案2】:

    1 .此规则仅供真实使用是添加/编辑/更新您的数据库,

    service cloud.firestore {
      match /databases/{database}/documents {
        // Allow only authenticated content owners access
        match /some_collection/{document} {
          allow read, write: if request.auth.uid != null;
          }
        }
      }
    

    2 。这条规则供所有人使用,无需身份验证即可添加/编辑/更新您的数据库,

    service cloud.firestore {
      match /databases/{database}/documents {
        match /{document=**} {
          allow read, write: if true;
        }
      }
    }
    

    【讨论】:

    • request.resource.data.member 不起作用:“错误:simulator.rules 行 [6],列 [81]。属性资源未在对象上定义。”
    • 再次检查这条规则
    猜你喜欢
    • 2020-06-10
    • 2019-03-12
    • 1970-01-01
    • 1970-01-01
    • 2019-10-01
    • 2020-10-05
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多