推荐 Firebase 安全规则不起作用

Question

我一直收到来自 Firebase 的电子邮件，说我的安全规则是安全的，所以我必须找到确保它们安全的正确方法。

Not recommended:

// Allow read/write access to all users under any conditions
// Warning: **NEVER** use this rule set in production; it allows
// anyone to overwrite your entire database.

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if true;
    }
  }
}

推荐：

service cloud.firestore {
  match /databases/{database}/documents {
    // Assign roles to all users and refine access based on user roles
    match /some_collection/{document} {
     allow read: if request.auth != null && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "Reader"
     allow write: if request.auth != null && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "Writer"

     // Note: Checking for roles in your database using `get` (as in the code
     // above) or `exists` carry standard charges for read operations.
    }
  }
}

就在我尝试推荐的规则之后，我的应用程序停止为经过身份验证的用户工作，我不得不保留不安全的规则以允许用户重新使用该应用程序...有人知道为什么会发生这种情况吗？

Answer 1

试试这个

service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}   
 match /your_collecton_name/{your_documents} {
allow read,write: if request.auth != null 
}
}
}