Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
177 views
in Technique[技术] by (71.8m points)

firebase - Firestore update rule intervenes with create

I want users to be able to create a message (with contact form), but not allow them to read or update. I am adding a new contact as follows:

app.firestore().collection("messages").add({
            name: this.state.name,
            subject: this.state.subject,
            message: this.state.message});

With the following security rules this is allowed:

match /messages/{message}{
    allow read, delete: if request.auth.uid=="<SOME_ID>";
    allow create: if true;
}

But when I add an update rule like below, I get an unsufficient permission error when adding a new message.

match /messages/{message}{
    allow read, delete, update: if request.auth.uid=="<SOME_ID>";
    allow create: if true;
}

If I move the update rule below the create, this still doesn't work. But have tried, to set update to "always allow/true" after which the add action works again.

It therefore seems that Firestore somehow looks at the strictest rule out of the update and create rules, but only if the rule for update is explicitly defined. Am I doing something wrong here?

Edit:

match /messages/{message}{
allow read, delete: if request.auth.uid=="<SOME_ID>";
allow create: if true;  allow update: if false  }

Does not lead to permission issues.. So the behaviour seems specific to the type of check I am doing here..

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...