问题
Database Rules for Documents Created with HTTP Cloud Function
The attached image shows two things:
Screenshot of Firestore database collection with one document that was created via http cloud function
Screenshot of Firestore 2.0 rules.
Rule
The rule allow create: if request.resource.data.replyTo == "hello"; was written to prevent any document from being created unless 'replyTo' == "hello".
Question Why was the document allowed to be created when 'replyTo' == 'john@smith.com' ?
回答1:
Cloud Firestore Security Rules is only for the Android, iOS, and Web client libraries. Not for server side(cloud functions using firebase admin SDK).
See https://firebase.google.com/docs/firestore/security/overview
For mobile and web client libraries, use Firebase Authentication and Cloud Firestore Security Rules to handle serverless authentication, authorization, and data validation. Learn how to secure your data for the Android, iOS, and Web client libraries with Cloud Firestore Security Rules.
来源:https://stackoverflow.com/questions/60191098/firestore-database-rules-create-rule-not-working-for-cloud-functions