Firebase安全性:【WriteStream】:流关闭

huwehgph  于 2023-03-31  发布在  其他
关注(0)|答案(1)|浏览(131)

我注册/登录在我的应用程序和firebase给我发短信验证代码。我的应用程序返回一个关于验证成功的页面,当我验证到代码。然后我的应用程序必须去主页,并返回到我订阅的网站。但我得到了“写错误”从firebase安全。

W/Firestore( 6596): (24.4.3) [WriteStream]: Stream closed with status: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}.
W/Firestore( 6596): (24.4.3) [Firestore]: Write failed at subscribers/{subscriberId}: Status{code=PERMISSION_DENIED, description=Missing or insufficient permissions., cause=null}

我的安全规则。

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    
        allow read: if isSignIn() && 
      request.auth.uid == resource.data.userId && 
      resource.data.role == "Admin";
        
      allow get, write: if isSignIn() && 
      request.auth.uid == resource.data.userId && 
      request.auth.token.phone_number == resource.data.phone &&
      resource.data.role == "Subscriber";
        
            match /sites/{site} {
            allow read, write: if isSignIn();
          match /messages/{message}{
          allow read, write: if isSignIn();
      }  
    }
  } 
  
  function isSignIn(){
    return request.auth.uid != null;
  }
}
ddrv8njm

ddrv8njm1#

没有语句匹配subscribers/{subscriberId}路径,因为与RTDB规则不同,Firestore规则不会级联,参见offical video,因此只需添加语句来匹配路径。

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match subscribers/{subscriberId} {
      allow read: if isSignIn() && 
      request.auth.uid == resource.data.userId && 
      resource.data.role == "Admin";
        
      allow get, write: if isSignIn() && 
      request.auth.uid == resource.data.userId && 
      request.auth.token.phone_number == resource.data.phone &&
      resource.data.role == "Subscriber";
     }
            match /sites/{site} {
            allow read, write: if isSignIn();
          match /messages/{message}{
          allow read, write: if isSignIn();
      }  
    }
  } 
  
  function isSignIn(){
    return request.auth.uid != null;
  }
}

相关问题