英文:
FlutterFlow - Firestore Security Rules Error on ListView: Missing or insufficient permissions
问题
The error you're encountering, Firestore Security Rules Error on ListView: Missing or insufficient permissions, is occurring because the Firestore security rules are preventing you from reading data that doesn't meet the specified conditions. In your updated rules, you attempted to restrict read access to only matching uids, but it seems there's an issue with how you're referencing the uid in your rules.
Here's the corrected rule for todos to restrict read access to only matching uids:
allow read: if request.auth != null && request.auth.uid == resource.data.owner;
This rule ensures that only users with a matching uid (the owner of the todo) can read their own todos. Make sure to update your Firestore rules with this change.
Remember to publish your Firestore rules after making changes for them to take effect.
英文:
I'm making a simple todo app. I'm able to add a document (todo) to the database and I'm able to read them, but only if I allow every document to be read, not just mine.
I'm trying to make it so that a ListView only shows me my todos.
These firebase rules allow me to see everyone's todos:
<!-- language-all: lang-js -->
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /todos/{document} {
allow create: if request.auth != null;
allow read: if request.auth != null;
allow write: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
allow delete: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
}
match /users/{document} {
allow create: if request.auth.uid == document;
allow read: if request.auth.uid == document;
allow write: if request.auth.uid == document;
allow delete: if false;
}
}
}
When I change the allow read line for the todos so that only matching uids are allowed to be read:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /todos/{document} {
allow create: if request.auth != null;
allow read: if request.auth.uid == resource.data.uid;
allow write: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
allow delete: if resource.data.owner == /databases/$(database)/documents/users/$(request.auth.uid);
}
match /users/{document} {
allow create: if request.auth.uid == document;
allow read: if request.auth.uid == document;
allow write: if request.auth.uid == document;
allow delete: if false;
}
}
}
I get this error:
Firestore Security Rules Error on ListView: Missing or insufficient permissions.
Any thoughts on what could be causing this? I tried creating a new project in FlutterFlow and I tried creating a new project in Firebase. I get the same issue.
答案1
得分: 1
请注意,Firestore 的规则用于确保您的代码不会读取超出其允许范围的数据,而不是作为过滤器。您必须确保您的代码仅请求规则允许访问的数据。
另请参阅以下链接:
英文:
While we'd need to see your code/query to be certain, keep in mind that rules are not filters - but instead Firestore merely uses the rules to ensure your code doesn't read more data than it's allowed. You have to ensure that your code only request data that the rules allow it to access.
Also see:
- https://stackoverflow.com/questions/56313459/collection-group-permissions-for-firestore/56314305#56314305
- https://stackoverflow.com/questions/47526064/configuring-rules-for-firestore-so-user-only-gets-records-they-own/47528474#47528474
- https://stackoverflow.com/questions/57684247/firestore-security-rules-how-to-check-if-document-was-created-by-user-is-owner/57684408#57684408
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论