FirebaseError: [code=permission-denied]: 权限缺失或不足

Question

我在服务中有一个简单的集合引用

    firebase.auth().onAuthStateChanged(user => {
      if (user) {
          this.itineraryCollection = firebase
            .firestore()
            .collection(`itinerary/${user.uid}/itineraryList`);
        }
      });

我正在调用此服务 OnInit

  ngOnInit() {
    this.loggedInUser = firebase.auth().currentUser;
    this.dataSvc.getItineraries()
    .get()
    .then( itineraryListSnapshot => {
      this.itineraries = [];
      itineraryListSnapshot.forEach(snap => {
        this.itineraries.push({
          id: snap.id,
          activities: snap.data().activities,
          destination: snap.data().destination,
          startDate: snap.data().startDate,
          endDate: snap.data().endDate,
          tripDetails: snap.data().tripDetails,
          userId: snap.data().userId
        });
      });
    });

    // this.itineraries = this.dataSvc.getUserItinerary();
    console.log('logged in user add itin page', this.itineraries);
  }

但是我在页面初始化时不断收到以下错误：

vendor.js:49548 ERROR Error: Uncaught (in promise): FirebaseError: [code=permission-denied]: Missing or insufficient permissions.
FirebaseError: Missing or insufficient permissions.
    at new FirestoreError (vendor.js:76086)
    at JsonProtoSerializer.push../node_modules/@firebase/firestore/dist/index.cjs.js.JsonProtoSerializer.fromRpcStatus (vendor.js:81385)
    at JsonProtoSerializer.push../node_modules/@firebase/firestore/dist/index.cjs.js.JsonProtoSerializer.fromWatchChange (vendor.js:81882)
    at PersistentListenStream.push../node_modules/@firebase/firestore/dist/index.cjs.js.PersistentListenStream.onMessage (vendor.js:90087)
    at vendor.js:90016
    at vendor.js:90056
    at vendor.js:83144
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (polyfills.js:2749)
    at Object.onInvoke (vendor.js:51123)
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (polyfills.js:2748)
    at resolvePromise (polyfills.js:3189)
    at resolvePromise (polyfills.js:3146)
    at polyfills.js:3250
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (polyfills.js:2781)
    at Object.onInvokeTask (vendor.js:51114)
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (polyfills.js:2780)
    at Zone.push../node_modules/zone.js/dist/zone.js.Zone.runTask (polyfills.js:2553)
    at drainMicroTaskQueue (polyfills.js:2959)
    at push../node_modules/zone.js/dist/zone.js.ZoneTask.invokeTask (polyfills.js:2860)
    at ZoneTask.invoke (polyfills.js:2845)

我不确定我在 firebase 中的数据库规则应该是什么，但我尝试了很多不同的规则：

      match /itinerary/{userId} {
            allow read; 
            allow write;
      }
      
            match /itinerary/{userId}/itineraryList {
            allow read; 
            allow write;
      }

任何帮助将不胜感激

Answer 1

将此添加到您的数据库规则选项卡：

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write;
    }
  }
}

Answer 2

尝试将规则更改为：

match /itinerary/{userId}/itineraryList/{doc} {
  allow read, write: if true;
}

请注意，'true' 的 if 条件仅用于测试，因为它允许每个人都对该资源进行访问。我只建议在这里测试规则是否有效。

添加/{doc}到匹配项 - 允许将规则应用于您正在保护的文档。

Answer 3

我通过将数据库规则更改为允许任何人读取来解决这个问题，但只为连接的用户保留创建、更改、删​​除和更新的方法。注释部分是为了以后的实现，您已经为每个登录的用户定义了管理员规则，因此您可以传递到那里，只有管理员用户才能更改。

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if true;
      allow create, update, delete, write: if request.auth != null;
      //allow create, update, delete, write: if request.auth != null && request.auth.uid == userIdAdmin;
    }
  }
}