firebase-security

问题 I'm actively using both of Firebase Realtime Database and Firestore. There is a case in which I need to check a document on Firestore to allow user to write on Firebase Realtime Database. Basically, I need to access user's document in the users collection on Firestore to allow user to create a post under the posts node on Firebase Realtime Database. Is something like this possible, by any chance? "rules": { "posts": { ".write": "get(/databases/$(database)/documents/users/$(auth.uid)).data

问题 I'm actively using both of Firebase Realtime Database and Firestore. There is a case in which I need to check a document on Firestore to allow user to write on Firebase Realtime Database. Basically, I need to access user's document in the users collection on Firestore to allow user to create a post under the posts node on Firebase Realtime Database. Is something like this possible, by any chance? "rules": { "posts": { ".write": "get(/databases/$(database)/documents/users/$(auth.uid)).data

问题 I have a firestore database with two collections: 'notes', where each document stores the content for each note and the authorId (which corresponds to the currently signed in users uid), and 'users', where the name of the user is stored and the id of each document is the uid of the user. This way, the author of the note is connected to the user in firestore. I am trying to make a web application where only the notes that the user created (authorId == uid) are shown and the other notes are not

问题 Project A has Firebase Authentication and Project B has Firebase Firestore. Both Authentication and Firestore are working correctly using: https://firebase.google.com/docs/projects/multiprojects (Web) However when writing the following Project B Firestore Security Rules: rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { match /users/{uid} { allow get: if request.auth.uid == uid; } } } I get an error: Missing or insufficient permissions Because the

问题 I currently have two arrays in a single document, one representing product ids and the other representing user ids. In my query, I need to query both of the arrays for firestore security rules to work correctly, but to do that, I tried using array-contains and in in the same query, which is acceptable in the documentation, but when I go to query, I get "missing or insufficient permissions". db.collection('Depots') .where("products", "array-contains", productId) .where("users", "in",

问题 I have a users collection where each document contains a name field and and an access map. "users" :[ { "mHbVq5TUY7brlleejClKm71NBGI2": { "name": "Bob Johnson", "access": { "X0w1VaVIljR1Nc5u3Sbo" : true } } ] I would like the Firestore rules to allow creation of a new document only if it doesn't already exist and only if the person performing the action has had their email verified. For the update, only the user owning that node can perform the update, the name must be a string, and the

问题 Our database structure looks like that: trips 12345 toArea radius: 150 name: "citycenter" 54321 toArea radius: 250 name: "main street" We tried to create some rules for read from document: match /chats/{trip} { match /messages/{message} { allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null } } It's works fine but next rules doesn't works: allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null allow read, write:

问题 Our database structure looks like that: trips 12345 toArea radius: 150 name: "citycenter" 54321 toArea radius: 250 name: "main street" We tried to create some rules for read from document: match /chats/{trip} { match /messages/{message} { allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null } } It's works fine but next rules doesn't works: allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null allow read, write:

问题 I am trying to validate birthdays using the following regex: ^(?:(?:31(\/|-|\.)(?:0?[13578]|1[02]))\1|(?:(?:29|30)(\/|-|\.)(?:0?[1,3-9]|1[0-2])\2))(?:(?:1[6-9]|[2-9]\d)?\d{2})$|^(?:29(\/|-|\.)0?2\3(?:(?:(?:1[6-9]|[2-9]\d)?(?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00))))$|^(?:0?[1-9]|1\d|2[0-8])(\/|-|\.)(?:(?:0?[1-9])|(?:1[0-2]))\4(?:(?:1[6-9]|[2-9]\d)?\d{2})$ This regex works when tested in an online regex tester, but when I try to use this regex inside my firebase

问题 So I'm trying to build an http endpoint using a Cloud function. This cloud function is only invoked after the user signs in. So I can pass the user token and verify it on the server side. I understand how to do this. I also have security rules on my Firestore collections with authorization rules set up using request.auth.uid. This also just works if I use the firebase web sdk. But my question is - how do I use the same authorization rules via cloud functions? I don't want to rewrite my auth