【发布时间】:2021-10-03 11:47:07
【问题描述】:
我的安全规则非常简单。我有两个系列 - riders 和 races:
-
riders: 只能在用户登录时读取或写入 -
races:未经认证的用户可以读取;当用户登录时写入。
service cloud.firestore {
match /databases/{database}/documents {
// restrict read/write on all to authenticated
match /{document=**} {
allow read, write: if request.auth != null;
// then allow collection read if match
match /races/{id} {
allow read, list: if true;
}
}
}
}
这些规则允许使用 Firebase 控制台Rules Playground 进行看似正确的设置,但在浏览器中,身份验证用户的行为与预期相同,但未经身份验证的用户在调用比赛时会返回错误:
core.js:6456 ERROR FirebaseError: Missing or insufficient permissions.
at new e (prebuilt-47338342-439a2133.js:188)
at prebuilt-47338342-439a2133.js:10415
at prebuilt-47338342-439a2133.js:10416
at e.onMessage (prebuilt-47338342-439a2133.js:10438)
at prebuilt-47338342-439a2133.js:10355
at prebuilt-47338342-439a2133.js:10386
at prebuilt-47338342-439a2133.js:15146
at ZoneDelegate.invoke (zone.js:372)
at Zone.run (zone.js:134)
at zone.js:1276
// service call
this.racesCollection = this.firestore.collection<Race>('races');
this.racesCollection
.doc(id)
.valueChanges()
.pipe(takeUntil(this.destroy$))
.subscribe((response: any) => {
console.log('=== APP SERVICE emits race ===', response);
this.race.next(response);
});
我尝试过重写规则,但似乎无法解决这个问题。任何帮助或想法表示赞赏!谢谢。
【问题讨论】:
标签: javascript google-cloud-firestore firebase-security