Firebase Firestore(包括资源)防止规则匹配
我正在尝试编写一条规则,该规则检查文档以查看可见性是否设置为公开。
一旦我包含资源关键字,火基规则就无法匹配。
以下无法匹配。即规则不读
match /publicProfiles/{userId} {
allow read: if resource.data.visibility !=null ;
}
match /publicProfiles/{userId} {
allow read: if resource.data.visibility == "public";
}
上面的示例直接来自文档并且在规则游乐场或真实电话中对我不起作用。
也只是通过对Auth进行测试。没有auth的请求。
这匹配&失败
match /publicProfiles/{userId} {
allow read: if request.auth != null && request.auth.uid == userId ;
}
这与不匹配
match /publicProfiles/{userId} {
allow read: if request.auth.uid == userId ;
}
我似乎找不到是否存在资源的同等方法来编写检查。在两种情况下,我都测试了资源存在并且不存在的情况,并且两者都无法匹配。
任何帮助将不胜感激!
编辑 - 附加信息
我的获取请求。使用反应新的循环。 Get请求正在发送。重要的是不是查询。
let doc = await firebase.firestore().collection('publicProfiles').doc(userId).get()
我还有上面还有一个规则。默认大多数集合可以公开可读。
match /{collectionName}/{docId} {
allow read, get: if collectionName != 'users';
}
我看到的是,当添加资源关键字时,规则不应该匹配,因为它应该失败。作为公共资料文档,我正在阅读的是可见性:“私有”。
此外,在我尝试获取文档的规则操场上,它无法匹配。
一个未经身心的用户失败,但该规则已读取。可以肯定的是,它在& amp; 之前停止
认证的成功,但该规则不匹配,因此不匹配阅读
我看到了与真实的Get请求相同的行为。
I'm trying to write a rule which checks the document to see if the visibility is set to public.
As soon as I include resource keyword the firebase rules fails to match.
The following fail to match. I.e the rule is not read
match /publicProfiles/{userId} {
allow read: if resource.data.visibility !=null ;
}
match /publicProfiles/{userId} {
allow read: if resource.data.visibility == "public";
}
The above example comes straight from the documentation and doesn't work for me in the rules playground nor real calls.
Also just from testing with the auth. A request which doesn't have auth.
This matches & fails
match /publicProfiles/{userId} {
allow read: if request.auth != null && request.auth.uid == userId ;
}
This does not match
match /publicProfiles/{userId} {
allow read: if request.auth.uid == userId ;
}
I can't seem to find an equivalent method of writing checks around if the resource exists. I have tested in both cases where the resource exists and doesn't exist and in both it fails to match.
Any help would be greatly appreciated!
Edit - Additional info
My get request. Using react-native-firebase. The get request is being sent. It's importantly not a query.
let doc = await firebase.firestore().collection('publicProfiles').doc(userId).get()
I have one additional rule above. Defaulting the majority of collections to be readable publically.
match /{collectionName}/{docId} {
allow read, get: if collectionName != 'users';
}
What I am seeing is that when the resource keyword is added the rule is not matched as it should fail. As the public profile document I am reading is visibility:"private".
Additionally in the rule playground when I try a get a doc it fails to match.
An unauthenticated user fails but the rule is read. Pretty sure it stops before the &&
An authenticated succeeds but the rule is not matched and therefore not read
I'm seeing the same behaviour with the real get request.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我得到了Google支持的回答。
“ ...如果多个允许表达式匹配请求,则允许访问,如果任何条件为真
。实际上,如果任何规则通过,它会通过。规则游乐场只是在寻找第一个成功。
I got and answer from google support.
"...In the case where multiple allow expressions match a request, the access is allowed if any of the conditions is true."
I misinterpreted and thought it was linear with the latest rule overwriting the previous. When in fact if any rule passes it passes. The rule playground was just looking for the first success.