Google Cloud Firestore: FirebaseError: [code=permission-denied]: Missing or insufficient permissions

Question

如果您完全使用 open/allow-all 规则，似乎只能使 Firestore 规则起作用，从客户端代码调用 .add。

这是一个 VueJS 应用程序。在我的 main.js...

// You MUST import these 2 lines exactly so
// to get firebase/firestore loaded and working
import firebase from 'firebase';
import 'firebase/firestore';

import config from '../config/firebase.config.json';
firebase.initializeApp(config);

Vue.config.productionTip = false;
// Define some globals: Available to ALL page vues
Vue.prototype.$http = require('axios');
Vue.prototype.$firebase = firebase;

在我的 Login.vue 我有...

methods: {
    loadFirebaseUIAuth() {
        const firebaseUIConfig = {
            'signInSuccessUrl': '/',
            'signInOptions': [
                // Leave the lines as is for the providers you want to offer your users.
                this.$firebase.auth.GoogleAuthProvider.PROVIDER_ID,
                this.$firebase.auth.FacebookAuthProvider.PROVIDER_ID,
                this.$firebase.auth.TwitterAuthProvider.PROVIDER_ID,
                this.$firebase.auth.GithubAuthProvider.PROVIDER_ID
                // firebase.auth.EmailAuthProvider.PROVIDER_ID
            ],
            // Terms of service url.
            'tosUrl': '/tos'
        };
        // Initialize the FirebaseUI Widget using Firebase.
        const firebaseUI = new firebaseui.auth.AuthUI(this.$firebase.auth());
        // The start method will wait until the DOM is loaded.
        firebaseUI.start('#firebaseui-auth-container', firebaseUIConfig);
    },
    initFirebaseAuthHandler() {
        this.$firebase.auth().onAuthStateChanged(function(user) {
            if (user) {
                // User is signed in.
                userData.displayName = user.displayName;
                userData.email = user.email;
                userData.emailVerified = user.emailVerified;
                userData.photoURL = user.photoURL;
                userData.uid = user.uid;
                userData.phoneNumber = user.phoneNumber;
                userData.providerData = user.providerData;
                user.getIdToken().then((accessToken) => {
                    console.log('Login.vue: FirebaseAuthHandler: sign-in-status:', 'Signed in!');
                    userData.accessToken = accessToken;
                    // Store User info, mainly to pass accessToken in request headers
                    localStorage.clear('userData');
                    localStorage.setItem('userData', JSON.stringify(userData));
                });
                console.log('Login.vue: userData: ', userData);
            } else {
                // User is signed out.
                console.log('Login.vue: FirebaseAuthHandler: sign-in-status: ', 'Signed out');
            }
        }, function(error) {
            console.error('Login.vue: FirebaseAuthHandler: ', error);
        });
    }
}

我没有（我看不到）做任何事情来将用户登录信息连接到 Firestore collection.add(...).then(...) 调用。 我是不是漏掉了 connect-user-info-to-firestore 这一步？这是手动还是自动的东西？

我的客户端 Base.data-context.js 创建方法看起来像...

create(collection, model, doneSuccess, doneError) {
    const doneCreate = (doc) => {
        model.attribs = doc;
        return doneSuccess(model);
    };
    delete model.attribs.id; // Do not allow id when creating
    model.attribs.createdby = 'WebUI';
    model.attribs.createdon = new Date();
    model.attribs.modifiedby = 'WebUI';
    model.attribs.modifiedon = new Date();
    model.attribs.modifiedlastip = '';
    collection.add(model.attribs).then(doneCreate).catch(doneError);
}

很一般。在播放器上调用 .add collection.

在我的 Firestore 规则中，我有...

service cloud.firestore {
    match /databases/{database}/documents {
        match /{document=**} {
            // Any user can read or write this data
            allow read: if true;
            allow write: if true;
        }
        //match /{article=**} {
        //  // Only signed in users can write this data
        //  allow read: if true;
        //  allow write: if request.auth.uid != null;
        //}
        //match /{player=**} {
        //  // Only signed in users can read or write this data
        //  allow read: if request.auth.uid != null;
        //  allow write: if request.auth.uid != null;
        //}
        //match /{character=**} {
        //  // Only signed in users can read or write this data
        //  allow read: if request.auth.uid != null;
        //  allow write: if request.auth.uid != null;
        //}
    }
}

如果我翻转注释以消除第一个 allow-all 块，并启用应该只允许 request.auth.uid != null 的个别文档，你就不能再写了。您在 post 标题中收到权限错误。所以这告诉我正在处理规则，因为评论翻转 enables/disables 写入 player collection.

Answer 1

好的，所以 2017 年 10 月 SO 上的 firebase/firestore 用户不多 :-) 我终于找到了答案。上面 99.9% 的代码都可以。在 this.$firebase.auth().onAuthStateChanged(function(user) {... auth 事件处理程序中还需要 1 行，然后在 user.getIdToken().then((accessToken) => { 中：您需要告诉 firebase 用户 accessToken 是什么：this.$firebase.auth(accessToken);。在此之后，我所有的 Firestore 规则都按预期工作了。

确保将 firebase ref 存储在 Vue.prototype.$firebase 中 main.js。这将使您能够在所有组件中访问 firebase。

希望这对以后的人有帮助:-)