Firestore security rule error

Asked 1 years ago, Updated 1 years ago, 50 views

At first, I set it up as follows. There was no error, but I received a message that match /{document=**} allows all documents to be read, so I considered changing the rules.

 rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {

    match /{document=**} {
      allow read: if true;
    }

    match /users/{usersID} {
      allow write: if request.auth.uid == usersID;
    }
    match /posts/{postsID} {
      allow write: if 'users/' + request.auth.uid != request.resource.data.user_id;
    }

  }
}

So I made the following changes, but an error occurred and the client no longer has access.

 rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {

    match /users/{usersID} {
      allow read;
      allow write: if request.auth.uid == usersID;
    }
    match /posts/{postsID} {
      allow read;
      allow write: if 'users/' + request.auth.uid != request.resource.data.user_id;
    }

  }
}

Uncaught (in promise) FirebaseError: Missing or invalid permissions.

I don't know the reason for the error, because what I'm doing with both settings seems the same.
If you are familiar with this, could you tell me any reasons you can think of?

firebase

2022-09-30 19:53

1 Answers

*This is a security-related topic and includes information that requires attention. Be sure to check and validate it yourself.

Perhaps there is a read target in the hierarchy that does not allow it to be read.

However, if you write data containing personal information in the original way, it will be readable worldwide. You must set the appropriate permissions.
I think we need to separate which data is private and which data is public.

Firebase is quite free, so instead of thinking hard, you can divide the hierarchy itself into private and public and separate the data completely. This is simple and robust: just configure permissions so that the private zone is accessible only to the person concerned and the public zone is accessible to anyone, and store data according to those permissions.


2022-09-30 19:53
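
To illustrate the answer's first point, the sketch below (an added example, not code from the question or the answer) models how `match` patterns cover document paths and lists which reads the second rule set no longer grants. It is a simplified model rather than the Firestore rules engine, and the sample paths are constructed; `comments` and `private` are hypothetical collection names.

```javascript
// Simplified model of Firestore `match` path matching (added example, not the
// Firestore rules engine). Only read rules are modeled; conditions are ignored
// because both rule sets in the question grant reads unconditionally.

// Does a match pattern such as "/users/{usersID}" cover a document path?
function patternMatches(pattern, path) {
  const pat = pattern.split('/').filter(Boolean);
  const seg = path.split('/').filter(Boolean);
  for (let i = 0; i < pat.length; i++) {
    if (/^\{\w+=\*\*\}$/.test(pat[i])) return true; // recursive wildcard: rest of path
    if (i >= seg.length) return false;               // path is shorter than the pattern
    if (/^\{\w+\}$/.test(pat[i])) continue;          // single-segment wildcard
    if (pat[i] !== seg[i]) return false;             // literal segment must be equal
  }
  return pat.length === seg.length;                  // no unmatched trailing segments
}

// Access is denied unless at least one read-granting pattern matches.
function canRead(readPatterns, path) {
  return readPatterns.some((p) => patternMatches(p, path));
}

// Read-granting patterns taken from the two rule sets in the question.
const firstRules = ['/{document=**}'];
const secondRules = ['/users/{usersID}', '/posts/{postsID}'];

// Constructed sample paths; "comments" and "private" are hypothetical names.
const samplePaths = [
  '/users/alice',
  '/posts/p1',
  '/posts/p1/comments/c1',
  '/users/alice/private/settings',
  '/comments/c9',
];

// Paths readable under the old rules but denied under the new ones.
function lostReads(oldRules, newRules, paths) {
  return paths.filter((p) => canRead(oldRules, p) && !canRead(newRules, p));
}

console.log(lostReads(firstRules, secondRules, samplePaths));
```

Any path the client reads that appears in the printed list, such as a subcollection document or a collection with no `match` block, is denied once the recursive wildcard is removed.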
