Why am I getting Firestore alerts -> Your project's Cloud Firestore database "default" has insecure rules
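I want non-logged-in users of my reactjs webapp to be able to read only the "business profiles collection".
I have the following database structure.
And the following rules: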
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if true;
      allow write: if request.auth != null;
    }
  }
}
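I am new to Firestore rules; I tried several approaches, and this is the only one that worked for me.
As user Dharmaraj mentioned earlier, your rules allow any user to read and write to any collection of your database, which you can verify using the rules playground. If that is the desired behavior, then you can ignore these alerts.
However, you said that you want non-logged-in users of your application to be able to read only the "business profiles collection". You can read the Production-ready rules and their sections, then choose the one that best fits you. As I see it, you should read and use the Attribute-based and Role-based access sections and end up with something like this: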
service cloud.firestore {
  match /databases/{database}/documents {
    // For attribute-based access control, check a boolean `admin` attribute
    allow write: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.admin == true;
    allow read: if true;
    // Alternatively, for role-based access, assign specific roles to users
    match /some_collection/{document} {
      allow read: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "Reader";
      allow write: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "Writer";
    }
  }
}
Nevertheless, you may want to review them and read them carefully to see whether another option suits you better. I will add the Security Rules language that is needed to understand what your rules are doing and how to Fix insecure rules.
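Added example, not part of the original question or answer: a ruleset that opens reads on a single collection and leaves every other path denied because no rule matches it. The collection ID `businessProfiles` and the `ownerUid` field are assumptions, since the page does not show the database structure; `users/{uid}` is the path used in the answer above.

```firestore-security-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the request carries a Firebase Auth token.
    function signedIn() {
      return request.auth != null;
    }

    // Public, read-only collection (assumed ID: businessProfiles).
    match /businessProfiles/{profileId} {
      // get and list are open to everyone, including signed-out visitors.
      allow read: if true;

      // Writes require a signed-in caller who owns the document.
      // `ownerUid` is an assumed field holding the owner's auth UID.
      allow create: if signedIn()
                    && request.resource.data.ownerUid == request.auth.uid;
      allow update: if signedIn()
                    && resource.data.ownerUid == request.auth.uid
                    // the owner cannot hand the document to another UID
                    && request.resource.data.ownerUid == resource.data.ownerUid;
      allow delete: if signedIn()
                    && resource.data.ownerUid == request.auth.uid;
    }

    // Each user may read only their own document. No client writes are
    // allowed here: rules that trust `admin` or `role` fields in this
    // document would otherwise let a user grant themselves privileges.
    match /users/{userId} {
      allow read: if signedIn() && request.auth.uid == userId;
    }

    // There is deliberately no `match /{document=**}` block: any path
    // without a matching allow statement is denied.
  }
}
```

Running signed-out and signed-in `get` requests against `businessProfiles` and one other collection in the rules playground shows which paths remain readable.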