firebase-security

问题 I got an email that indicates I was developing in "test mode", but that it left my database completely open to the internet. The default rules I initially accepted look like this: rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { // This rule allows anyone on the internet to view, edit, and delete // all data in your Firestore database. It is useful for getting // started, but it is configured to expire after 30 days because it // leaves your app open to

问题 This question already has answers here : Firebase how to prevent duplicate entries atomically (4 answers) Closed 3 years ago . Here is my database structure for categories I want prevent duplicate data using Firebase rules here is my firebase rule { "rules": { ".read": "auth != null", ".write": "auth != null", "categories": { "$catid": { ".validate": "!root.child(newData.child('type').val()).exists()" } } } } When I am trying to insert again java it's inserting duplicate of java how do I

问题 This are my rules, applied to an img dir: match /img { match /{fileId} { allow read, write: if request.resource.contentType.matches('image/jpeg') || request.resource.contentType.matches('image/png') || request.resource.contentType.matches('image/gif') && request.resource.size < 2 * 1024 * 1024 } } } The problem is that those rules are also being applied to delete() as it is a write method too, so it always returns a permission error. I couldn't find anything in the documentation regarding

问题 I'm currently trying to build small app on firebase as an evaluation of it. It looks interesting and super productive, but I have one problem with firestore rules. I have one collection (games) with objects looking like this: { "name":String, "description":String, "owners": { "uid": String "uid2": String } } And rules set like this: service cloud.firestore { match /databases/{database}/documents { match /games { match /{game} { allow write: if request.auth != null && request.resource.data

问题 I'm currently trying to build small app on firebase as an evaluation of it. It looks interesting and super productive, but I have one problem with firestore rules. I have one collection (games) with objects looking like this: { "name":String, "description":String, "owners": { "uid": String "uid2": String } } And rules set like this: service cloud.firestore { match /databases/{database}/documents { match /games { match /{game} { allow write: if request.auth != null && request.resource.data

问题 Currently I've been looking at FireBase, and have been using the AngularJS plugin, and have found the following problem I cannot get out of. I currently have implemented the simple login system. Logged in with my mail and password after registering, I create a post like this: post = { name: "Hi", message: "Guys", user_id: Auth.user.id // for my current user this is 1 } posts.$add(post) From this point on everything is fine. Now what I wanted to do is that in the posts/ endpoint on firebase, I

问题 I am getting an error when deploying rules using the deploy command in CI firebase deploy --only firestore:rules --non-interactive Output: i deploying firestore i firestore: checking firestore.rules for compilation errors... ✔ firestore: rules file firestore.rules compiled successfully i firestore: uploading rules firestore.rules... i firestore: quota exceeded error while uploading rules ? You have 2501 rules, do you want to delete the oldest 10 to free up space? (y/N) I can fix the problem

问题 How do I configure permissions so that a user can only read and write documents where they are the owner? my documents have a top level attribute called owner. I read these docs https://firebase.google.com/docs/firestore/security/secure-data?authuser=0#the_resource_variable and it seems like this should work? service cloud.firestore { match /databases/{database}/documents { match /analysis/{analysis} { allow read, write: if request.auth.email == resource.data.owner } } } however this doesn't

问题 I read through the collection group query documentation and was wondering if the recursive wildcard ( rules_version = '2' ) {path=**} was mandatory in order for collection group queries to work. I will give you an example (following the example from the documentation): The database uses a forums collections with different forums. Each forum can have multiple posts . This results in the following structure: forums/{forum}/posts/{post} . Both of the following snippets will successfully match

问题 I am trying to write security rules on my Firestore database to allow read of documents within a collection with status value as published . But, it does not allow read for any document for the collection once the rule is published. I am following the permission settings as described on the official doc. https://firebase.google.com/docs/firestore/security/rules-conditions But, it is not working as expected. service cloud.firestore { match /databases/{database}/documents { match /articles/