angular - Firestore : Delete document and security rules-6ren

angular - Firestore : Delete document and security rules

转载作者：行者123 更新时间：2023-12-03 16:08:32

描述

我在使用Firestore处理删除时遇到问题。简而言之，我为这样的帖子创建了安全规则:

首先，规则中有一些功能:

服务cloud.firestore {

function userRoles() {
    return ['admin', 'customer', 'reader'];
}

function userGenders() {
    return ['mal', 'female', 'other'];
}

function postVisibilities() {
    return ['public', 'private', 'protected'];
}

function postType() {
    return ['music', 'motion_design', 'graphic_art'];
}

function isPayment(paymentDoc) {
    return paymentDoc != null
        && paymentDoc.date is timestamp
        && paymentDoc.price is number
        && paymentDoc.price is number
        && paymentDoc.price > 0;
}

function isBill(billDoc) {
    return billDoc.sellerId is string
        && billDoc.buyerId is string
        && billDoc.postIds != null
        && billDoc.date is timestamp
        && billDoc.paymentDoc != null
        && isPayment(billDoc.paymentDoc);
}

function isAccount(accountDoc) {
    return accountDoc.isRegistered is bool
        && accountDoc.addressId is string
        && accountDoc.contactId is string
        && accountDoc.email is string
        && accountDoc.username is string
        && accountDoc.gender is string
        && accountDoc.gender in userGenders()
        && accountDoc.role is string
        && accountDoc.role in userRoles();
}

function isPost(postDoc) {
    return postDoc.createdAt is timestamp
        && postDoc.updatedAt is timestamp
        && postDoc.title is string
        && postDoc.text is string
        && postDoc.image is string
        && postDoc.authorId is string
        && postDoc.visibility is string
        && postDoc.visibility in postVisibilities();
}

function isVote(voteDoc) {
    return voteDoc.authorId is string
        && voteDoc.reaction is string
        && voteDoc.reaction in ['up', 'down'];
}

function isComment(commentDoc) {
    return commentDoc.authorId is string
        && commentDoc.message is string;
}

function isSingle(doc) {
    return doc.size() == 1;
}

match /databases/{database}/documents {

    function userExists(userId) {
        return userId != null && exists(/databases/$(database)/documents/accounts/$(userId));
    }

    function getUserRole(userId) {
        return get(/databases/$(database)/documents/accounts/$(userId)).data.roles;
    }

    function hatUserRole(userId, role) {
        return getRoleForUser(userId) in role;
    }

    match /{document=**} {
        allow read: if true;
        allow write: if false;
    }

    match /accounts/{accountId} {

        allow create: if isAccount(request.resource.data)
                            && (request.auth.uid == accountId || hatUserRole(request.auth.uid, ['admin']));
        allow update: if request.auth.uid == accountId || hatUserRole(request.auth.uid, ['admin']);
        allow delete: if hatUserRole(request.auth.uid, ['admin']);

        match /contacts/{contactId} {
            allow write: if isSingle(request.resource.data)
                        && request.auth.uid == accountId;
            allow read: if userExists(request.auth.uid);
        }

        match /favorites/{favoriteId} {
            allow write: if isSingle(request.resource.data)
                        && request.auth.uid == accountId;
            allow read: if userExists(request.auth.uid);
        }

        match /votes/{voteId} {

            allow create: if isVote(request.resource.data)
                        && userExists(request.auth.uid);
            allow update: if userExists(request.auth.uid)
                        && isVote(request.resource.data)
                        && request.resource.data.authorId == request.auth.uid
            allow delete: if userExists(request.auth.uid)
                        && (request.auth.uid == accountId
                        || hatUserRole(request.auth.uid, ['admin']))
        }
    }

    match /bills/{billId} {
        allow create: if isBill(request.resource.data)
                    && userExists(request.resource.data.sellerId)
                    && userExists(request.resource.data.buyerId)
                    && (request.resource.data.buyerId == request.auth.uid
                    || request.resource.data.sellerId == request.auth.uid);
        allow update, delete: if false;
        allow read: if request.resource.data.buyerId == request.aut.uid
                        || request.resource.data.sellerId == request.aut.uid;
    }

    match /posts/{postId} {

        function publicPost() {
              return get(/databases/$(database)/documents/posts/$(postId)).data.visibility == 'public';
        }

        function postVisibility() {
            return get(/databases/$(database)/documents/posts/$(postId)).data.visibility;
        }

        function protectedPost() {
            return userExists(request.auth.uid)
                && get(/databases/$(database)/documents/posts/$(postId)).data.visibility == 'public';
        }

        function findPostAuthor(pathToFind) {
                return get(/databases/$(database)/documents/posts/$(pathToFind)).data.authorId
        }

        allow create, update: if isPost(request.resource.data)
                    && userExists(request.auth.uid)
                    && request.resource.data.authorId == request.auth.uid;
        allow read: if request.resource.data.visibility == 'public';
        allow delete: if userExists(request.auth.uid)
                    && findPostAuthor(request.resource.id) == request.auth.uid;

        match /votes/{voteId} {
            allow read: if protectedPost(postId)
                        || publicPost(postId);
            allow create: if isVote(request.resource.data)
                        && postVisibility(postId) in ['public', 'protected']
                        && userExists(request.auth.uid);
            allow update: if isVote(request.resource.data)
                        && request.resource.data.authorId == request.auth.uid;
            allow delete: if userExists(request.auth.uid)
                        && (request.auth.uid == request.resource.data.authorId
                        || hatUserRole(request.auth.uid, ['admin']));
        }

        match /comments/{commentId} {
            allow read: if protectedPost(postId) || publicPost(postId);
            allow create: if isComment(request.resource.data)
                        && postVisibility(postId) in ['public', 'protected']
                        && userExists(request.auth.uid);
            allow update: if isComment(request.resource.data)
                        && request.resource.data.authorId == request.auth.uid;
            allow delete: if userExists(request.auth.uid)
                        && (request.auth.uid == request.resource.data.authorId
                        || hatUserRole(request.auth.uid, ['admin']));
        }
    }
}
}

对于创建和更新，一切正常。

之后，我创建了两个方法实现来删除文档，其中两个使用 id:

public deletePost(postId: string): Observable<void> {
    const postRef = this.db.collection('posts').doc(postId).ref;

    return fromPromise(this.db.firestore.runTransaction((transaction => {
        return transaction.get(postRef).then(snapshot => {
            if (!snapshot.exists) {
                this.snackBar.open('Post doesn\'t exist', 'close');
            } else {
                const auth = snapshot.data().authorId === this._userId;
                if (auth) {
                    transaction.delete(postRef);
                } else {
                    this.snackBar.open('You\' not allowed to do that!');
                }
            }
        });
    })));
}

使用交易，以及:

protected removeElement(elementId: string): Observable<any> {
    return fromPromise(this.db.collection(this.dbCollection).doc(elementId).delete());
}

不使用任何交易，简单删除。

问题

这些方法都不起作用。

使用第一种方法时，我得到:

ERROR Error: Server responded with status 
at new FirestoreError (index.cjs.js:346)
at T.<anonymous> (index.cjs.js:6901)
at Ab (index.js:23)
at T.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.g.dispatchEvent (index.js:21)
at te (index.js:66)
at ve (index.js:69)
at T.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.g.jb (index.js:67)
at T.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.g.Na (index.js:67)
at XMLHttpRequest.wrapFn (zone.js:1188)
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:421)
at Object.onInvokeTask (core.js:3815)
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:420)
at Zone.push../node_modules/zone.js/dist/zone.js.Zone.runTask (zone.js:188)
at ZoneTask.push../node_modules/zone.js/dist/zone.js.ZoneTask.invokeTask [as invoke] (zone.js:496)
at invokeTask (zone.js:1540)
at XMLHttpRequest.globalZoneAwareCallback (zone.js:1566)

我得到第二个:

ERROR Error: Missing or insufficient permissions.
at new FirestoreError (index.cjs.js:346)
at index.cjs.js:7088
at W.<anonymous> (index.cjs.js:7033)
at Ab (index.js:23)
at W.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.g.dispatchEvent (index.js:21)
at Re.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.Re.Ca (index.js:98)
at ye.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.g.Oa (index.js:86)
at dd (index.js:42)
at ed (index.js:39)
at ad (index.js:37)
at L.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.g.Sa (index.js:36)
at L.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.g.nb (index.js:35)
at Ab (index.js:23)
at T.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.g.dispatchEvent (index.js:21)
at ve (index.js:68)
at T.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.g.jb (index.js:67)
at T.push../node_modules/@firebase/webchannel-wrapper/dist/index.js.g.Na (index.js:67)
at XMLHttpRequest.wrapFn (zone.js:1188)
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:421)
at Object.onInvokeTask (core.js:3815)
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:420)
at Zone.push../node_modules/zone.js/dist/zone.js.Zone.runTask (zone.js:188)
at ZoneTask.push../node_modules/zone.js/dist/zone.js.ZoneTask.invokeTask [as invoke] (zone.js:496)
at invokeTask (zone.js:1540)
at XMLHttpRequest.globalZoneAwareCallback (zone.js:1566)

因为我不确定问题出在哪里，所以我有一些理论:

也许在rules中，当我写的时候
allow delete: if userExists(request.auth.uid) && findPostAuthor(request.resource.data.id) == request.auth.uid;
我认为，因为我只使用Id直接查看文档，所以request.resource.data.id不得包含任何内容。

我还认为，如果transactions不起作用，可能是因为它的实际工作方式与我们在其他事务功能上看到的方式确实不同。

当我使用 angularFire2时，this.db => AngularFirestore，this.dbCollection =>'posts'，在任何帖子的结构中，都有一个 autorId字段，它是一个字符串。

最佳答案

对于delete，您需要将request.auth.uid与resource.data.uid而不是request.resource.data.uid进行比较。例如:

match /bookmarks/{id} {
  allow create: if request.resource.data.uid == request.auth.uid
  allow read, delete: if resource.data.uid == request.auth.uid
}

关于angular - Firestore : Delete document and security rules，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/52024666/

文章推荐： google-analytics - ga_sessions_YYYMMDD中的ga:itemQuantity(大查询)

文章推荐： macos - 使用反向路径的 CGContextClip()

文章推荐： cocoa - 从 NSScrollView/NSCollectionView 中删除边框

文章推荐： google-analytics - 跟踪由GTM插入的GA上的自定义事件

makefile - 使: rule call rule
在 makefile 中，我可以从另一个规则调用一个规则吗？类似于: rule1: echo "bye" rule2: date rule3: @ec
带有 not(rule AND rule ...) 的 css 选择器
我想创建一个只匹配外部链接的 CSS 选择器。问题是它似乎不适用于 :not() 中的多个规则。我不能使用多个 not ( example: ":not():not()") 因为那变成了 ||而不是
javascript - 在 Javascript 中动态创建 CSS at rules (@rules)
我正在动态创建 CSS 动画，所以我需要在我的文档中插入一个 CSS 计时函数。如: @-webkit-keyframes slide { from { -webkit-transfo
css - SassError : @use rules must be written before any other rules. Angular
错误内容: Error: Module build failed (from ./node_modules/mini-css-extract-plugin/dist/loader.js): HookW
sass - scss 捆绑错误 : @use rules must be written before any other rules
我有这样的文件结构: ---- _base-map.scss ---- _child-map-1.scss ---- _child-map-2.scss ---- _child-map-3.scss
Python规则引擎: Durable Rules JSON Rule Format to Support NOT operator
我正在利用 engine.Host 类创建自己的规则引擎实例，并通过 JSON 文件加载规则并调用 set_rulesets() 方法。这一切都运行良好。持久规则:https://pypi.org/
What is rule position of an event rule in Eventbridge documentation of Serverless(事件规则在无服务器的EventBridge文档中的规则位置是什么)
在无服务器(https://www.serverless.com/framework/docs/providers/aws/events/event-bridge)，的EventBridge文档中提到
What is rule position of an event rule in Eventbridge documentation of Serverless(事件规则在无服务器的EventBridge文档中的规则位置是什么)
在无服务器(https://www.serverless.com/framework/docs/providers/aws/events/event-bridge)，的EventBridge文档中提到
Azure 防火墙 : Most common Azure Firewall Policy Rule Collection Rules
系统要求我使用最常用的网络规则和应用程序规则配置 Azure 防火墙策略规则集合。我收集了以下详细信息，其中捕获了最常用的网络规则和应用程序规则。但是我不确定我是否遗漏了任何被认为是最常见的规则？
c++ - boost::spirit: qi::rule 或包含 qi::rule 作为解析结果的结构
我想做的是在运行时从 ABNF 语法文件创建一个解析器。我已经在 qi::grammar 中实现了所有 ABNF 规则，如下所示: typedef /*qi::rule or struct conta
performance - 填充多边形 : Performance of Winding Rule vs Even Odd Rule
对于复杂的多边形(即:自相交)，选择缠绕填充规则还是奇偶填充规则会影响多边形的填充方式。但对于非相交多边形，缠绕或奇偶填充规则之间是否存在任何性能差异。我知道这将是特定于实现的，但哪种算法对于非复杂
c++ - 是否有任何静态分析工具可以检查 Rule of 3(或 Rule of 5 C++11)
关闭。这个问题不符合Stack Overflow guidelines .它目前不接受答案。我们不允许提问寻求书籍、工具、软件库等的推荐。您可以编辑问题，以便用事实和引用来回答。关闭 8 个月前
javascript - 如何解决 "Definition for rule ' @typescript-eslint/rule-name' 找不到"
我正在尝试将 TypeScript 编译添加到现有的 Javascript 项目中。 AFAIK 这应该是可能的(甚至很容易)，并且您可以通过代码库逐步传播 TS。不幸的是，这不是我所看到的——在添加
Firebase 错误 "Security Rules Error - specified security rules file does not exist"
尝试将 Firebase 部署到其托管服务时。我还使用 firebase 工具来发布安全规则。我看到此错误消息: $ firebase deploy Security Rules Error - s
sql - ANTLR4 : ordering problem of parser rules for a keyword used in several rules (AND, 之间)
我在使用 ANTLR4 解析某些 SQL 类型的字符串时遇到问题。解析后的字符串是: WHERE a <> 17106 AND b BETWEEN c AND d AND e BTW(f, g) 这是
java - Android 中的 Consumer-rules.pro 和 proguard-rules.pro 有什么区别？
我已经在 Android 中创建了一个模块以在我的主应用程序中使用，并且似乎有两个文件Consumer-rules.pro 和 proguard-rules.pro。我想了解以下内容所有模块代码都
python - 收到错误 : unable to load cross rule (invalid rule type or file does not exist)
我正在尝试在另一个自定义规则中加载自定义规则，这两个规则均由 Parasoft 规则向导创建。以下代码是作为方法放在调用规则中的python片段: def somePythonMethod(node
c++ - 提神气 : Take a rule's attribute and set it as a field of an enclosing rule's struct attribute?
像许多其他问题一样，我正在尝试使用 Boost.Spirit.Qi 将简单语法解析为结构树。我会尽量提炼我正在尝试做的事情，以尽可能最简单的情况。我有: struct Integer { int
syntax-error - Snakemake语法错误: No rule keywords allowed after run/shell/script/wrapper/cwl in rule
我的samtools_dup规则存在一些问题。它在/data/mypipeline.smk的第201行中显示“SyntaxError: 规则samtools_dup中的run/shell/scrip
azure - 'Inbound NAT rules' 与 Azure 负载均衡器 v2 中的 'Load Balancing Rules' 有何不同
有人可以向我解释一下这两种情况下负载均衡器(v2)后端实际发生的情况吗: 应用入站 NAT 规则。应用负载平衡规则。最佳答案当您有 1 台后端服务器或者您知道要访问哪个后端服务器时，您将使用 N

行者123

个人简介

我是一名优秀的程序员,十分优秀！

作者热门文章

滴滴打车优惠券免费领取

全站热门文章

首页

博学

6Ren·AI

商城

angular - Firestore : Delete document and security rules