具有自定义令牌的Firebase存储通配符规则

问题描述 投票:0回答:1

出于某种原因,我无法使用自定义令牌在带有自定义令牌的路径中工作。用户具有分配的自定义标记,如admin: trueySWLb8NSTj9sur6n2CbS: true

service firebase.storage {
  match /b/{bucket}/o {
        match /conferences/{confId}/sponsors/{sponsId=**} {
        allow read: if request.auth.uid != null
        allow write: if request.auth.token.confId == true
    }
  }
}

我试图从客户端写入/conferences/ySWLb8NSTj9sur6n2CbS/sponsors/whatever.jpeg并拒绝访问。

如果我现在更改到下面它可以正常工作。

service firebase.storage {
  match /b/{bucket}/o {
        match /conferences/{confId}/sponsors/{sponsId=**} {
        allow read: if request.auth.uid != null
        allow write: if request.auth.token.admin == true
    }
  }
}

我甚至测试了它将自定义令牌更改为ySWLb8NSTj9sur6n2CbS: "ySWLb8NSTj9sur6n2CbS"然后尝试下面没有成功并获得拒绝访问!

service firebase.storage {
  match /b/{bucket}/o {
        match /conferences/{confId}/sponsors/{sponsId=**} {
        allow read: if request.auth.uid != null
        allow write: if request.auth.token.confId == confId
    }
  }
}

我觉得由于某种原因没有拿到通配符,或者我在这里忽略了什么?在文档中我发现了这个:https://firebase.google.com/docs/storage/security/user-security?authuser=0

firebase firebase-storage firebase-security-rules
1个回答
0
投票

所以我想出来的另一种方式是因为一些奇怪的原因。我已经以数组的形式向用户分配了自定义声明。在那个数组中你有confId。所以我检查相关的confId是否在该数组中。

service firebase.storage {
  match /b/{bucket}/o {
        match /conferences {
        match /{confId}/sponsors/{sponsorId} {
        allow read: if confId in request.auth.token.userEvents
        allow write: if confId in request.auth.token.adminEvents
      }
    }
  }
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.