英文:
firebase security rule using customClaims
问题
目标是只允许已在 Firebase 中进行身份验证且具有自定义声明 "role" 为 "subscriber" 的用户访问存储。
但是出现了以下错误:
错误:simulator.rules 第 [6] 行,第 [9] 列。对象上未定义属性 customClaims。
感谢任何帮助,用户是 Google 身份验证的用户,每个用户都被分配了自定义角色。
英文:
The objective is to restrict storage access only to user who are authenticated in firebase and has a customClaims of role subscriber.
service firebase.storage {
match /b/{bucket}/o {
// Allow read access only for authenticated users with the role of "subscriber"
match /{allPaths=**} {
allow read: if request.auth != null && (
request.auth.customClaims.role == "subscriber"
);
}
}
}
but getting the error:
> Error: simulator.rules line [6], column [9]. Property customClaims is undefined on object.
any help is appreciated the users are the google authenticated users and each has a customs role assigned.
答案1
得分: 2
自定义声明可在request.auth.token变量中使用,因此:
request.auth.token.role == "subscriber"
如果今后遇到类似的问题,我建议查看这些关于存储安全规则中自定义声明的问题:存储安全规则中自定义声明的问题
英文:
Custom claims are available in the request.auth.token variable, so:
request.auth.token.role == "subscriber"
If you run into similar problems going forward, I recommend checking these questions about custom claims in Storage security rules/
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论