Angular FirebaseError 缺少或权限不足
Angular FirebaseError Missing or Insufficient Permissions
我试图允许每个用户使用 firestore 读取和写入他们自己的数据,但我收到权限不足错误。我不知道为什么。
我为我的 Firestore 制定了这些规则...
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{uid} {
allow create: if request.auth != null;
allow read, write, update, delete: if request.auth != null && request.auth.uid == uid;
}
}
}
在我的项目中,我的服务使用以下函数将数据推送到 angular firebase(是的,它很长)...
constructor(private afs: AngularFirestore){}
addToOrders(artist: string, formInput: AlbumInput) {
const currentUser = this.authService.currentUser; // uses a getter function to obtain the current user
const trackingUrl = 'https://tools.usps.com/go/TrackConfirmAction_input?strOrigTrackNum=';
const newOrder: Order = {
artistName: artist,
album: formInput.selectedAlbum.name,
image: formInput.selectedAlbum.images[0].url,
orderType: formInput.orderType,
trackingUrl: trackingUrl,
variant: formInput.variant
}
if (formInput.orderType === "shipped") {
newOrder.trackingNum = formInput.trackingNum;
return of(this.afs.doc(`users/${currentUser.uid}`).collection('shipped').add(newOrder))
.subscribe({
next: (() => {
this.albumAdded$.next(true);
}),
error: (() => {
this.albumAdded$.next(false);
})
});
} else {
newOrder.date = formInput.date;
return of(this.afs.doc(`users/${currentUser.uid}`).collection('preordered').add(newOrder))
.subscribe({
next: (() => {
this.albumAdded$.next(true);
}),
error: (() => {
this.albumAdded$.next(false);
})
});
}
}
我在这个模式中遗漏了什么会导致这样的错误吗?
如果我把规则改成users/${user=**},它确实成功地将数据存储到users子集合中,但是现在我不能正常登录(由于某些原因,我可以注册尽管方法几乎相同)。这是我的登录...
signIn(signInForm: SignInForm) {
return this.afAuth.signInWithEmailAndPassword(signInForm.email, signInForm.password)
.then((result) => {
this.isUserData.next(true);
this.setUserData(result.user!)
.then(() => {
this.router.navigateByUrl("/home");
});
}).catch(error => {
this.errorModal(error); // Modal Generic launches to inform the user
});
}
设置用户数据...
setUserData(user: User) {
const userRef: AngularFirestoreDocument<any> = this.afs.doc(`users/${user.uid}`);
const userData: User = {
uid: user.uid,
email: user.email,
displayName: user.displayName
}
return userRef.set(userData, {
merge: true
});
}
这条规则:
match /users/{uid} {
允许用户阅读他们自己的个人资料文档。它不允许他们读取那里的子集合,这就是你在这段代码中所做的:
of(this.afs.doc(`users/${currentUser.uid}`).collection('shipped').add(newOrder))
要允许用户也阅读其个人资料文档的所有子集,请使用 recursive wildcard (**):
match /users/{uid=**} {
我试图允许每个用户使用 firestore 读取和写入他们自己的数据,但我收到权限不足错误。我不知道为什么。
我为我的 Firestore 制定了这些规则...
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{uid} {
allow create: if request.auth != null;
allow read, write, update, delete: if request.auth != null && request.auth.uid == uid;
}
}
}
在我的项目中,我的服务使用以下函数将数据推送到 angular firebase(是的,它很长)...
constructor(private afs: AngularFirestore){}
addToOrders(artist: string, formInput: AlbumInput) {
const currentUser = this.authService.currentUser; // uses a getter function to obtain the current user
const trackingUrl = 'https://tools.usps.com/go/TrackConfirmAction_input?strOrigTrackNum=';
const newOrder: Order = {
artistName: artist,
album: formInput.selectedAlbum.name,
image: formInput.selectedAlbum.images[0].url,
orderType: formInput.orderType,
trackingUrl: trackingUrl,
variant: formInput.variant
}
if (formInput.orderType === "shipped") {
newOrder.trackingNum = formInput.trackingNum;
return of(this.afs.doc(`users/${currentUser.uid}`).collection('shipped').add(newOrder))
.subscribe({
next: (() => {
this.albumAdded$.next(true);
}),
error: (() => {
this.albumAdded$.next(false);
})
});
} else {
newOrder.date = formInput.date;
return of(this.afs.doc(`users/${currentUser.uid}`).collection('preordered').add(newOrder))
.subscribe({
next: (() => {
this.albumAdded$.next(true);
}),
error: (() => {
this.albumAdded$.next(false);
})
});
}
}
我在这个模式中遗漏了什么会导致这样的错误吗?
如果我把规则改成users/${user=**},它确实成功地将数据存储到users子集合中,但是现在我不能正常登录(由于某些原因,我可以注册尽管方法几乎相同)。这是我的登录...
signIn(signInForm: SignInForm) {
return this.afAuth.signInWithEmailAndPassword(signInForm.email, signInForm.password)
.then((result) => {
this.isUserData.next(true);
this.setUserData(result.user!)
.then(() => {
this.router.navigateByUrl("/home");
});
}).catch(error => {
this.errorModal(error); // Modal Generic launches to inform the user
});
}
设置用户数据...
setUserData(user: User) {
const userRef: AngularFirestoreDocument<any> = this.afs.doc(`users/${user.uid}`);
const userData: User = {
uid: user.uid,
email: user.email,
displayName: user.displayName
}
return userRef.set(userData, {
merge: true
});
}
这条规则:
match /users/{uid} {
允许用户阅读他们自己的个人资料文档。它不允许他们读取那里的子集合,这就是你在这段代码中所做的:
of(this.afs.doc(`users/${currentUser.uid}`).collection('shipped').add(newOrder))
要允许用户也阅读其个人资料文档的所有子集,请使用 recursive wildcard (**):
match /users/{uid=**} {