我有如下所示的firestore DB,uid欄位包含已添加檔案的經過身份驗證的用戶的uid
安全角色:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /crush/{doc} {
allow read: if request.auth != null && request.auth.uid == resource.data.uid;
allow write : if request.auth != null;
}
}
}
嘲笑閱讀規則有效
但是,在實際的顫振應用程式中,只有 DB 寫入作業,讀取失敗并出現以下錯誤
/Firestore(6538):(24.0.1)[Firestore]:偵聽查詢(目標=查詢(按名稱粉碎訂單);limitType=LIMIT_TO_FIRST)失敗:狀態{code=PERMISSION_DENIED,描述=缺少或權限不足。,原因=空}
這讓我相信 request.auth.uid 對于傳入的讀取是空白的
該程式如下所示
# landing.dart
# Authentication class is helper for FirebaseAuth.instance
import 'home.dart';
class Landing extends StatefulWidget {
const Landing({Key? key}) : super(key: key);
@override
State<Landing> createState() => _LandingState();
}
class _LandingState extends State<Landing> {
dynamic authStream = Authentication().authState;
@override
Widget build(BuildContext context) {
return StreamBuilder(
stream: authStream,
builder: (BuildContext context, AsyncSnapshot<AppUser?> snapshot) {
if (snapshot.data != null) {
return Home(snapshot.data);
}
else {
return SignIn(); //via google
}
});
}
}
# home.dart
# Database class is helper for FirebaseFirestore.instance
import 'package:flutter/material.dart';
import 'package:password_safe/models/crush.dart';
import 'package:password_safe/models/user.dart';
import 'package:password_safe/services/authentication.dart';
import 'package:password_safe/services/database.dart';
class Home extends StatefulWidget {
AppUser? user;
Home(this.user, {Key? key}) : super(key: key);
@override
_HomeState createState() => _HomeState();
}
class _HomeState extends State<Home> {
dynamic streamCrush = Database().getCrushSnapshot;
@override
Widget build(BuildContext context) {
return Scaffold(
floatingActionButton: FloatingActionButton(
onPressed: () {
provideInput(context, widget.user);
},
child: Icon(Icons.add),
),
body: StreamBuilder(
stream: streamCrush,
builder: (BuildContext context, AsyncSnapshot<List<Crush>> snapshot) {
if (snapshot.hasError) {
return Center(child: Text('Error Ocurred'));
}
if (snapshot.connectionState == ConnectionState.waiting) {
return CircularProgressIndicator();
}
return myList(snapshot.data!);
},
),
);
}
}
\\ database.dart
import 'dart:developer' as developer;
import 'package:cloud_firestore/cloud_firestore.dart';
import 'package:password_safe/models/crush.dart';
class Database {
late FirebaseFirestore _db;
late CollectionReference crushCollection;
final String _logName = "Database";
static final Database _instance = Database._internal();
Database._internal() {
try {
_db = FirebaseFirestore.instance;
crushCollection = _db.collection('crush');
} catch (e) {
// do something
}
}
factory Database() {
return _instance;
}
Future<void> addCrush(Crush crush) async {
await crushCollection
.add(crush.toMap())
.then(
(value) => developer.log('adding crush to backend', name: _logName),
)
.catchError(
(error) => developer.log('Error while adding crush',
name: _logName, error: error),
);
}
Stream<List<Crush>> get getCrushSnapshot {
return crushCollection
.snapshots()
.map((event) => _crushListFromSnapshot(event));
}
List<Crush> _crushListFromSnapshot(QuerySnapshot snapshot) {
return snapshot.docs.map((e) {
Map<String, dynamic> data = e.data() as Map<String, dynamic>;
data.addAll({'id': e.id});
return Crush.fromMap(data);
}).toList();
}
Future<void> deleteCrush(Crush crush) {
return crushCollection
.doc(crush.id)
.delete()
.then((value) =>
developer.log('deleting crush from backend', name: _logName))
.onError((error, stackTrace) => developer.log(
'error occured while deleting data from crush',
name: _logName,
error: error,
stackTrace: stackTrace));
}
}
發布規范.yaml
dependencies:
cloud_firestore:
google_sign_in: '^4.5.1'
firebase_auth:
firebase_core:
flutter:
sdk: flutter
uj5u.com熱心網友回復:
您的查詢約束與安全規則約束不匹配。您正在嘗試獲取/crush/* (根據您的資料庫查詢),但您只能/crush/{doc}根據您的 Firestore 安全規則進行訪問。
即使當前用戶實際上是每個檔案的作者,查詢也會失敗。出現這種行為的原因是,當 Cloud Firestore 應用您的安全規則時,它會根據其潛在結果集而不是您資料庫中檔案的實際屬性來評估查詢。如果查詢可能包含違反您的安全規則的檔案,則查詢將失敗。
因此,您需要過濾您的資料庫查詢以匹配檔案的 uid 欄位與 auth.uid。像這樣的東西:
var user = FirebaseAuth.instance.currentUser;
db.collection("crush").where(“uid”, "==", user.uid).get()
您可以在此處閱讀有關基于 auth.id 保護和查詢檔案的更多資訊。
轉載請註明出處,本文鏈接:https://www.uj5u.com/qiye/430099.html
標籤:火力基地 扑 谷歌云火库 firebase-安全