Missing or insufficient permissions when writing to Firestore using field in access rules

后端 未结 3 1739
北海茫月
北海茫月 2021-02-03 19:55

I am getting an error when attempting to write to Firestore.

I am attempting to use a field containing the user uid for my security rule.

service cloud.f         


        
相关标签:
3条回答
  • 2021-02-03 20:26

    You can make your database available just for reading and not for writing:

      service cloud.firestore {
        match /databases/{database}/documents {
         match /{document=**} {
           allow read: if true;
           allow write: if false;
          }
       }
    }
    
    0 讨论(0)
  • 2021-02-03 20:29

    resource.data refers to the data already stored, so your rule allowed users to only update data that already includes their user ID.

    What you probably want to check is request.resource.data which is the new data coming in.

    There's a rather extensive document about those fields and other security rules here: https://firebase.google.com/docs/firestore/security/rules-conditions

    0 讨论(0)
  • 2021-02-03 20:46

    This question and the accepted answer were very useful for me. I ended up using a slightly different set of rules which I'll share here incase someone else finds them useful.

    Like the OP, I store a user ID (uid) with my resources. However, when I want to create a new resource, there's no uid yet. Using an example in the documentation I ended up with security rules that look like this:

    service cloud.firestore {
      match /databases/{database}/documents {
        match /messages/{document=**} {
          allow read, update, delete: if request.auth.uid == resource.data.uid;
          allow create: if request.auth.uid != null;
        }
      }
    }
    
    0 讨论(0)
提交回复
热议问题