出于某种原因,我无法使用自定义令牌在带有自定义令牌的路径中工作。用户具有分配的自定义标记,如admin: true
和ySWLb8NSTj9sur6n2CbS: true
service firebase.storage {
match /b/{bucket}/o {
match /conferences/{confId}/sponsors/{sponsId=**} {
allow read: if request.auth.uid != null
allow write: if request.auth.token.confId == true
}
}
}
我试图从客户端写入/conferences/ySWLb8NSTj9sur6n2CbS/sponsors/whatever.jpeg并拒绝访问。
如果我现在更改到下面它可以正常工作。
service firebase.storage {
match /b/{bucket}/o {
match /conferences/{confId}/sponsors/{sponsId=**} {
allow read: if request.auth.uid != null
allow write: if request.auth.token.admin == true
}
}
}
我甚至测试了它将自定义令牌更改为ySWLb8NSTj9sur6n2CbS: "ySWLb8NSTj9sur6n2CbS"
然后尝试下面没有成功并获得拒绝访问!
service firebase.storage {
match /b/{bucket}/o {
match /conferences/{confId}/sponsors/{sponsId=**} {
allow read: if request.auth.uid != null
allow write: if request.auth.token.confId == confId
}
}
}
我觉得由于某种原因没有拿到通配符,或者我在这里忽略了什么?在文档中我发现了这个:https://firebase.google.com/docs/storage/security/user-security?authuser=0
所以我想出来的另一种方式是因为一些奇怪的原因。我已经以数组的形式向用户分配了自定义声明。在那个数组中你有confId。所以我检查相关的confId是否在该数组中。
service firebase.storage {
match /b/{bucket}/o {
match /conferences {
match /{confId}/sponsors/{sponsorId} {
allow read: if confId in request.auth.token.userEvents
allow write: if confId in request.auth.token.adminEvents
}
}
}
}