问题
This are my rules, applied to an img dir:
match /img {
match /{fileId} {
allow read,
write: if request.resource.contentType.matches('image/jpeg')
|| request.resource.contentType.matches('image/png')
|| request.resource.contentType.matches('image/gif')
&& request.resource.size < 2 * 1024 * 1024
}
}
}
The problem is that those rules are also being applied to delete() as it is a write method too, so it always returns a permission error. I couldn't find anything in the documentation regarding this. How can I defer from POST/PUT rules and DELETE rules?
回答1:
Found the solution by myself. By letting the rule to apply when there is no resource sent at all (delete), it also gets write permission. The rest of the create/update code is sent to an OR expression.
match /img {
match /{fileId} {
allow read,
write: if request.resource == null ||
(request.resource.contentType.matches('image/jpeg')
|| request.resource.contentType.matches('image/png')
|| request.resource.contentType.matches('image/gif')
&& request.resource.size < 2 * 1024 * 1024)
}
}
回答2:
This for those who wants specific user to create and delete.
// Grants a user access to a node matching their user ID
service firebase.storage {
match /b/{bucket}/o {
// Allow write files to the path "images/*", subject to the constraints:
// 1) File is less than 10MB
// 2) Content type is an image or Content type is null for delete operation
match /user/{userId}/images/{allPaths=**} {
allow read: if resource.size < 10 * 1024 * 1024
&& request.auth != null;
allow write: if request.auth.uid == userId
&& (
request.resource == null
||
(
request.resource.contentType.matches('image/.*')
&& request.resource.size < 10 * 1024 * 1024
)
)
}
}
}
来源:https://stackoverflow.com/questions/38922124/firebase-storage-post-rules-apply-to-delete-rules