即使用户已通过身份验证,创建操作仍会导致错误:
Missing or Insufficient Permissions下面是我使用的Firestore规则:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
// Sanitization of Request
function recipeHasOnlyAllowedFields() {
let requiredFields = [
'name',
'category',
'directions',
'publishDate',
'ingredients'
];
let keys = request.resource.data.keys();
return keys.hasAll(requiredFields) && keys.hasOnly(requiredFields);
}
// Validation of Request
function isRecipeValid() {
let data = request.resource.data;
return (
data.name is string && data.name != '' &&
data.category is string && data.category != '' &&
data.directions is string && data.directions != '' &&
data.publishDate is timestamp &&
data.ingredients.size() > 0
)
}
allow read: if true;
allow create, update: if (
request.auth != null &&
recipeHasOnlyAllowedFields() &&
isRecipeValid()
);
allow delete: if request.auth != null;
}
}
}下面是我发送的数据:
{
name: "Bread",
category: "bakedGoods",
directions: "Mix the ingredients together",
ingredients: ["3 cups of flour", "1 cup of water"],
publishDate: "01/01/2023" // pretend this is a timestamp
isPublished: true
}
1条答案
按热度按时间kzmpq1sx1#
这个问题最终导致
isPublished不是基于此存储的自定义规则的允许字段。一旦该字段从发送的数据中删除(或添加到允许字段中),create调用就会再次工作。错误消息感觉像是一个红色的鲱鱼,因为它是一个数据问题,而不是一个身份验证或授权问题。
希望在firebase中有更好的方法来验证数据,并提供更好的错误消息。