Trying to enable security roles for an Android Firestore application

Following the documentation: https://firebase.google.com/docs/firestore/solutions/role-based-access

    service cloud.firestore {
      match /databases/{database}/documents {
        match /Dairy/{dairyId} {
          function isSignedIn() {
            return request.auth != null;
          }
          function getRole() {
            //both of the below statements are not working
            //return resource.data.roles[request.auth.uid];
            return get(/databases/$(database)/documents/Dairy/$(dairyId)).data.roles[request.auth.uid];
          }
          function isOneOfRoles(array) {
            return isSignedIn() && (getRole() in array);
          }
          function isValidNewDoc() {
            return resource.data == null
              && request.resource.data.roles[request.auth.uid] == 'OWNER';
          }
          allow write: if isValidNewDoc() || isOneOfRoles(['OWNER']);
          allow read: if isOneOfRoles(['OWNER', 'ADMIN']);
          match /{document=**} {
            allow read: if isOneOfRoles(['OWNER', 'ADMIN']);
          }
        }
        match /DairyOwnerProfile/{user_profile} {
          function isUserSignedIn() {
            return request.auth != null;
          }
          function isValidNewProfile() {
            // Valid if Dairy does not exist and the new Dairy has the correct owner.
            return isUserSignedIn() && resource.data == null
              && request.resource.data.uid == request.auth.uid;
          }
          allow read, write: if isUserSignedIn() && (user_profile == request.auth.uid || isValidNewProfile());
        }
      }
    }

Domain model

Creating a document at the path /databases/{database}/documents/DairyOwnerProfile/{USER_ID} works with the document model below:

public class DairyOwnerProfile {
    private String uid;
    private String name;
    private String phone;
    private String dairyId;
}

But create and read do not work for Dairy and all of its subcollections. The Dairy below is stored at the path /databases/{database}/documents/Dairy/{dairyId}.

public class Dairy {
    private String id;
    private String dairyName;
    private boolean active;
    private String address;
    private Date updateTime;
    private Map<String, Role> roles;
}
public enum Role {
    OWNER, FARMER, ADMIN, MANAGER
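}

I have been trying for a few days, but I cannot figure out what is wrong with the Firestore security rules above.

I tried the following variants of the isValidNewDoc() method:
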
//Not working
function isValidNewDoc() {
    return resource.data == null
            && request.resource.data.roles[request.auth.uid] == 'OWNER';
}
//Not working
function isValidNewDoc() {
          return resource.data == null
            && request.resource.data == null;
}
//Not working
function isValidNewDoc() {
  return resource.data == null
    && request.resource.data != null;
}
//Not working
function isValidNewDoc() {
  return resource.data == null;
}
//working
function isValidNewDoc() {
   return isSignedIn();
}
//Working, Create and update both worked (Sub collection read/write failed)
//but this allows overwriting existing document by another user, adding "resource.data == null" with && causing it to fail
function isValidNewDoc() {
  return request.resource.data.roles[request.auth.uid] == 'OWNER';
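}

This is the error I get on Android: com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.

I am doing something wrong with either the rules or the hierarchy of the data.

There are many subcollections under the Dairy collection, and reads and writes on those subcollections also fail.

This issue is blocking the release of the first version of my Android app; please point me in the right direction to find and fix the problem.

Note: this is my first time working with Android and Firebase.

Let me know if more information is needed.
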
Posted on 2018-03-02 17:09:53

Use resource == null instead of resource.data == null

function isValidNewDoc() {
  return resource == null
    && request.resource.data.roles[request.auth.uid] == 'OWNER';
}

https://stackoverflow.com/questions/49065978
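
An added example, not part of the original question or answer: the question's Dairy rules with the answer's `resource == null` check applied and `write` split into create, update and delete, so that a create can never overwrite an existing document (the overwrite concern raised in the question). The `allow write` inside the subcollection match is an assumption about who should write there; the original rules grant no subcollection write at all.

```firestore-rules
service cloud.firestore {
  match /databases/{database}/documents {
    match /Dairy/{dairyId} {
      function isSignedIn() {
        return request.auth != null;
      }
      // Role of the caller, read from the parent Dairy document so the same
      // helper can also be used inside the subcollection match below.
      function getRole() {
        return get(/databases/$(database)/documents/Dairy/$(dairyId)).data.roles[request.auth.uid];
      }
      function isOneOfRoles(array) {
        return isSignedIn() && (getRole() in array);
      }
      // On create there is no existing document, so test `resource` itself
      // (as the answer says), not `resource.data`.
      function isValidNewDoc() {
        return isSignedIn()
          && resource == null
          && request.resource.data.roles[request.auth.uid] == 'OWNER';
      }

      // Creation: the caller must list themselves as OWNER in the new document.
      allow create: if isValidNewDoc();
      // Changes to an existing Dairy: only a user already stored as OWNER.
      allow update, delete: if isOneOfRoles(['OWNER']);
      allow read: if isOneOfRoles(['OWNER', 'ADMIN']);

      match /{document=**} {
        allow read: if isOneOfRoles(['OWNER', 'ADMIN']);
        // Assumption: owners may write subcollection documents. Without a
        // write rule here, every subcollection write is denied.
        allow write: if isOneOfRoles(['OWNER']);
      }
    }
  }
}
```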