无法基于元数据设置Firebase存储访问规则

发布于 2025-02-10 20:05:50 字数 1153 浏览 1 评论 0原文

面临设置访问规则的问题。因此，到目前为止，我们一直在存储用户数据＆lt; user_id＆gt;/。而且，基本规则的工作正常，

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /b/{bucket}/o {
    // Files look like: "<UID>/path/to/file.txt"
    match /{userId}/{allPaths=**} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }
  }
}

但是现在我希望用户能够在任何{userId}下存储文件，只要他是文件的所有者。

我正在尝试编写文件和更新访问规则时设置所有者元数据属性。

更新的访问规则

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /b/{bucket}/o {
    // Files look like: "<UID>/path/to/file.txt"
    match /{userId}/{allPaths=**} {
      allow read, write: if request.auth != null
      && (request.auth.uid == userId || resource.metadata.owner == request.auth.uid);
    }
  }
}

我已经验证了通过将文件上传到用户自己的路径上，可以正确设置元数据。但是，当我尝试在其他用户的路径下写入时，我被访问拒绝了，

请参见文件的元数据信息的屏幕截图，我正在尝试上传

原文

Facing an issue in setting up access rules. So till now we have been storing user data as <user_id>/. And the basic rule as this has been working fine

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /b/{bucket}/o {
    // Files look like: "<UID>/path/to/file.txt"
    match /{userId}/{allPaths=**} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }
  }
}

But now i want a user to be able to store a file under any {userId} as long as he is the owner of the file.

I am doing that by setting the owner metadata attribute when trying to write the file and updating the access rules.

Updated access rules

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /b/{bucket}/o {
    // Files look like: "<UID>/path/to/file.txt"
    match /{userId}/{allPaths=**} {
      allow read, write: if request.auth != null
      && (request.auth.uid == userId || resource.metadata.owner == request.auth.uid);
    }
  }
}

I have verified that the metadata is being set correctly by uploading the file to the user’s own path. But when i try to write under some other user’s path, i am getting access denied

See the screenshot of the metadata info of the file i am trying to upload

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

一笔一画续写前缘 2025-02-17 20:05:50

终于找到了这个问题。

我没有仔细阅读文档。编写文件时，要检查传入文件的元数据，我们必须使用request.resource。因此，必须是请求写规则

。

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /b/{bucket}/o {
    // Files look like: "<UID>/path/to/file.txt"
    match /{userId}/{allPaths=**} {
      allow read: if request.auth != null
      && (request.auth.uid == userId || resource.metadata.owner == request.auth.uid);
      allow write: if request.auth != null
      && (request.auth.uid == userId || request.resource.metadata.owner == request.auth.uid);
    }
  }
}

Finally found the issue.

I didn't read the documentation carefully. When writing a file, in order to check the metadata of the incoming file, we have to use request.resource. So the write rule had to be request.resouce.metadata.owner

Updated rule that works

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /b/{bucket}/o {
    // Files look like: "<UID>/path/to/file.txt"
    match /{userId}/{allPaths=**} {
      allow read: if request.auth != null
      && (request.auth.uid == userId || resource.metadata.owner == request.auth.uid);
      allow write: if request.auth != null
      && (request.auth.uid == userId || request.resource.metadata.owner == request.auth.uid);
    }
  }
}

回复收藏 0 原文

~没有更多了~