问题
I have documents in firestore collection called 'inventories' of the following structure:
{
creator: string,
images: string[],
}
the creator field is the uid of the user who created the document.
In my firestore rules section I have the following rules:
service cloud.firestore {
match /databases/{database}/documents {
match /inventories/{inventoryid} {
allow read, write: if request.auth.id == resource.data.creator;
}
}
}
In my ionic application I do the following:
this.inventoryCollection = database.collection<Inventory[]>
('inventories', ref => ref.where('creator', '==', auth.currentUserId));
I get the following error when this executes:
Missing or insufficient permissions.
Can anyone see what I am doing wrong? Is it a problem with my rules? Or is it a problem with my code calling the firestore?
回答1:
You should use request.auth.uid instead of request.auth.id, see https://firebase.google.com/docs/reference/rules/rules.firestore.Request#auth
Also, you should divide your rules in two "sub-rules", as follows:
service cloud.firestore {
match /databases/{database}/documents {
match /inventories/{inventoryid} {
allow read: if request.auth.id == resource.data.creator;
allow write: if request.auth.id == request.resource.data.creator;
}
}
}
Note the use of request.resource for the write rule.
This is very well explained in the official following video about Firestore Security Rules: https://www.youtube.com/watch?v=eW5MdE3ZcAw
来源:https://stackoverflow.com/questions/55419290/firestore-security-rules-permission-issue