FlutterFlow – Firestore安全规则错误:ListView上缺少或权限不足

huangapple go评论63阅读模式
英文:

FlutterFlow - Firestore Security Rules Error on ListView: Missing or insufficient permissions

问题

The error you're encountering, Firestore Security Rules Error on ListView: Missing or insufficient permissions, is occurring because the Firestore security rules are preventing you from reading data that doesn't meet the specified conditions. In your updated rules, you attempted to restrict read access to only matching uids, but it seems there's an issue with how you're referencing the uid in your rules.

Here's the corrected rule for todos to restrict read access to only matching uids:

allow read: if request.auth != null && request.auth.uid == resource.data.owner;

This rule ensures that only users with a matching uid (the owner of the todo) can read their own todos. Make sure to update your Firestore rules with this change.

Remember to publish your Firestore rules after making changes for them to take effect.

英文:

I'm making a simple todo app. I'm able to add a document (todo) to the database and I'm able to read them, but only if I allow every document to be read, not just mine.

I'm trying to make it so that a ListView only shows me my todos.
These firebase rules allow me to see everyone's todos:

<!-- language-all: lang-js -->

rules_version = &#39;2&#39;;
service cloud.firestore {
  match /databases/{database}/documents {
    match /todos/{document} {
      allow create: if request.auth != null;
      allow read: if request.auth != null;
      allow write: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
      allow delete: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
    }

    match /users/{document} {
      allow create: if request.auth.uid == document;
      allow read: if request.auth.uid == document;
      allow write: if request.auth.uid == document;
      allow delete: if false;
    }
  }
}

When I change the allow read line for the todos so that only matching uids are allowed to be read:

rules_version = &#39;2&#39;;
service cloud.firestore {
  match /databases/{database}/documents {
    match /todos/{document} {
      allow create: if request.auth != null;
      allow read: if request.auth.uid == resource.data.uid;
      allow write: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
      allow delete: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
    }

    match /users/{document} {
      allow create: if request.auth.uid == document;
      allow read: if request.auth.uid == document;
      allow write: if request.auth.uid == document;
      allow delete: if false;
    }
  }
}

I get this error:
Firestore Security Rules Error on ListView: Missing or insufficient permissions.

Any thoughts on what could be causing this? I tried creating a new project in FlutterFlow and I tried creating a new project in Firebase. I get the same issue.

答案1

得分: 1

请注意,Firestore 的规则用于确保您的代码不会读取超出其允许范围的数据,而不是作为过滤器。您必须确保您的代码仅请求规则允许访问的数据。

另请参阅以下链接:

英文:

While we'd need to see your code/query to be certain, keep in mind that rules are not filters - but instead Firestore merely uses the rules to ensure your code doesn't read more data than it's allowed. You have to ensure that your code only request data that the rules allow it to access.

Also see:

huangapple
  • 本文由 发表于 2023年5月22日 07:40:32
  • 转载请务必保留本文链接:https://go.coder-hub.com/76302341.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定