Restrict Firestore Gmail sign-in to a specific domain

Asi*_*taq 1 android firebase firebase-security google-cloud-firestore

I want to restrict users to signing in to my Firestore app with a specific Gmail domain. I found a similar question here, but it is about something entirely different from Firestore. So let me explain what I want.

Suppose a company called abc.com is using Gmail services and has integrated all of its email accounts into Gmail, so they can use Gmail's email services with those accounts. I want to restrict users so that only a username@abc.com Gmail account can log in to my Firestore app.

I have searched a lot but didn't find any documentation about this.

jsa*_*ter 7

There doesn't seem to be a solid Firestore-only solution for this, but I have a composite solution:

  • a security rule on the first data collection that is accessed, where I check the email domain
  • a catchError on the data retrieval, where I check for the error code 'permission-denied'
  • an error handler that calls the authentication service and forces a logout and a redirect to an unauthorized page.

Sorry for pasting snippets, but I couldn't get the formatter to format all the code.

My component code:

  // Imports needed at the top of the component file (RxJS 7 style):
  import { Subscription, throwError } from 'rxjs';
  import { catchError } from 'rxjs/operators';

  ngOnInit(): void {
    this.leadsDataSubscription = this.leadService.getLeadsSnapshot()
      .pipe(
        // Run the handler, then rethrow the original error so the stream still fails.
        catchError((e: any) => {
          this.errorHandler(e);
          return throwError(() => e);
        })
      )
      .subscribe(data => {
        this.leadsDataSource.data = data;
        this.leadsDataSource.paginator = this.paginator;
        this.leadsDataSource.sort = this.sort;
      });
    this.currentUser = this.authSvc.getCurrentUser();
  }

  // A 'permission-denied' FirebaseError on the first read means the security rules
  // rejected this user's email domain: drop the listener and force a sign-out.
  private errorHandler(error: any): void {
    if (error && error.name === 'FirebaseError' && error.code === 'permission-denied') {
      this.leadsDataSubscription.unsubscribe();
      this.authSvc.logout('/unauthorized');
    }
  }

My service code:

  // Tear down the service's own Firestore listeners (this.unsubscribe(), not shown here),
  // sign out through AngularFire, then redirect. this.afAuth.auth.signOut() is the
  // AngularFire (compat) API used in this answer.
  logout(redirectURL?: string): void {
    this.unsubscribe();
    this.afAuth.auth.signOut()
      .then(() => {
        this.snackBar.open('Signed out');
        this.router.navigate([redirectURL || '/']);
      })
      .catch(error => this.snackBar.open('Error signing out: ' + error));
  }

Firestore rules:

// isSignedIn() comes first so request.auth is never dereferenced for anonymous requests.
// isSignedIn(), canUpdate(), isCreator(), canWrite(), isGod() and userExists() are
// helpers defined elsewhere in the rules file and are not shown in the answer.
match /leads/{document=**} {
  allow read: if isSignedIn() && isAllowedDomain();
  allow update: if isSignedIn() && isAllowedDomain() && canUpdate();
  allow delete: if (isSignedIn() && isAllowedDomain() && isCreator() && canWrite()) || isGod();
  allow create: if isSignedIn() && isAllowedDomain() && userExists();
}

function isAllowedDomain() {
  // The address must be verified AND belong to one of the allowed domains.
  // The parentheses matter: "&&" binds tighter than "||", so without them an
  // unverified privatedomain.org address would have been allowed.
  // Anchors and escaped dots keep the pattern from matching look-alike domains.
  return request.auth.token.email_verified == true &&
         (request.auth.token.email.matches('^[^@]+@workdomain\\.se$') ||
          request.auth.token.email.matches('^[^@]+@privatedomain\\.org$'));
}
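The domain check in the answer's rules is easy to get subtly wrong, so here is an added example (not code from the original answer or the Firebase project): a plain TypeScript mirror of isAllowedDomain() that evaluates a loose form, written the way the unparenthesized rule reads, next to a strict form, against constructed tokens. The domain names, e-mail addresses and token claims are assumptions made for illustration; the same check can be reused in an Angular guard or a Cloud Function, and the anchored pattern it builds is the shape to put into `email.matches(...)` in the rules file.

```typescript
// Added example: mirrors the answer's isAllowedDomain() rule in TypeScript to show
// two pitfalls of the original version: "&&"/"||" precedence and an unescaped,
// unanchored domain pattern. All data below is constructed for illustration.

export interface AuthToken {
  email: string;
  email_verified: boolean;
}

// Constructed allow-list, mirroring the two domains in the answer's rules.
export const ALLOWED_DOMAINS: readonly string[] = ["workdomain.se", "privatedomain.org"];

// Escape regex metacharacters so "." in a domain name only matches a literal dot.
function escapeRegex(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Loose check, with the precedence the original rule actually has:
//   (verified && matches domain 1) || matches domain 2
// using unanchored patterns and an unescaped "." (JS RegExp.test is a substring search).
export function isAllowedDomainLoose(token: AuthToken): boolean {
  return (
    (token.email_verified === true && /.*@workdomain.se/.test(token.email)) ||
    /.*@privatedomain.org/.test(token.email)
  );
}

// Strict check: the address must be verified AND its domain (everything after the
// last "@") must be exactly one of the allowed domains, case-insensitively.
export function isAllowedDomainStrict(token: AuthToken): boolean {
  if (token.email_verified !== true) return false;
  const at = token.email.lastIndexOf("@");
  if (at < 1 || at === token.email.length - 1) return false;
  const domain = token.email.slice(at + 1).toLowerCase();
  return ALLOWED_DOMAINS.indexOf(domain) !== -1;
}

// The same strict check as one anchored, escaped pattern: the shape to use wherever
// the check is expressed as a regex (client, Cloud Function, or the rules file).
export function strictPattern(): RegExp {
  const alts = ALLOWED_DOMAINS.map(escapeRegex).join("|");
  return new RegExp(`^[^@]+@(${alts})$`, "i");
}

export function isAllowedDomainByPattern(token: AuthToken): boolean {
  return token.email_verified === true && strictPattern().test(token.email);
}

// Constructed tokens, one per pitfall.
export const SAMPLE_TOKENS: Record<string, AuthToken> = {
  legit: { email: "alice@workdomain.se", email_verified: true },
  unverifiedLegit: { email: "alice@workdomain.se", email_verified: false },
  // Precedence: an unverified privatedomain.org address passes the loose form.
  unverifiedPrivate: { email: "mallory@privatedomain.org", email_verified: false },
  // Unescaped ".": any character is accepted where the dot should be.
  lookalike: { email: "eve@workdomainXse", email_verified: true },
  // Unanchored search: a longer domain that merely contains the allowed one passes.
  suffix: { email: "eve@workdomain.se.evil.example", email_verified: true },
};

// Summarises which constructed tokens each check accepts.
export function acceptedBy(check: (t: AuthToken) => boolean): string[] {
  return Object.keys(SAMPLE_TOKENS).filter(name => check(SAMPLE_TOKENS[name]));
}
```

Only `legit` should pass; the loose form also accepts `unverifiedPrivate`, `lookalike` and `suffix`. The rules language's `matches()` uses RE2 syntax, so the explicit `^`/`$` anchors and escaped dots cost nothing there and remove any doubt about partial matches. For the question's single corporate domain, ALLOWED_DOMAINS shrinks to one entry and the pattern becomes `^[^@]+@abc\.com$`.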