问题
I'm having an issue when i try to access some documents. It says i don't have permission for accessing the docuemnt. So I have the following in the Firestore rules
match /reservations/reservations-request/list/{reservationInfo} {
allow read: if get(/databases/$(database)/documents/reservations/reservations-request/list/$(reservationInfo)/members-id/data).data.driverId == request.auth.uid ||
get(/databases/$(database)/documents/reservations/reservations-request/list/$(reservationInfo)/members-id/data).driverId == request.auth.uid;
allow write: if false;
}
In the simulator, when i use the same uid and phone number as i use in my application, it says that i'm allowed to get a document with this path. However, when i try to do the same thing in the application (with same user uid and phone number), it doesn't allows me to access documents. The code where i try to access the documents is this one:
fetchReservationsAsDriver(type: string, driverId: string): Promise < any > {
var size = 0;
var reservations: ReservationDB[] = [];
return new Promise((resolve, reject) => {
let reservation_aux;
firebase.firestore().collection('reservations').doc("reservations-requested").collection('list').where("driver.id", "==", driverId).get().then(function (array) {
size = array.size;
if (size == 0) {
resolve(reservations);
}
array.forEach(function (doc) {
reservation_aux = doc.data();
reservations.push(reservation_aux);
console.log(doc.id, " => ", doc.data());
});
resolve(reservations);
})
.catch(function (error) {
console.log("Error getting documents: ", error);
reject(error);
});
});
}
Thanks for helping!
--------- EDIT ----------
I figured out what is exactly the problem:
if i have this:
match /reservations/requested-reservations/list/{reservationInfo} {
allow read: if get(/databases/$(database)/documents/reservations/requested-reservations/list/$(reservationInfo)/members-id/data).data.driverId == request.auth.uid
}
firestore rules doesn't allows me to get any document from the collection "list", but, i figured out that if change for that rule:
match /reservations/requested-reservations/list/{reservationInfo} {
allow read: if get(/databases/$(database)/documents/reservations/requested-reservations/list/IYB0710-2018-06-13-1528922084314/members-id/data).data.driverId == request.auth.uid
}
firebase allows me to read the document (at least the document named "IYB0710-2018-06-13-1528922084314", which is one of the documents from the "list" collection).
This means that what is actually happening is that he is not replacing $(reservationInfo) with the documents name when i try to get a group of documents with this command from my application:
firebase.firestore().collection('reservations').doc(type).collection('list').where("driver.id", "==", driverId).get().then(function (array) {
// Do Something
})
来源:https://stackoverflow.com/questions/50825365/firestore-security-rule-get-is-not-working-when-performing-a-query-against-mul