3

Cloud Function 在更新或删除时收到 Firebase 权限被拒绝错误。

服务帐户使用文件中的凭据进行初始化,以便使用auth.createCustomToken当前不可用于默认帐户的凭据

admin = require('firebase-admin');
functions = require('firebase-functions');
credential = admin.credential.cert(require('./credentials.json'));
admin.initializeApp({credential: credential, databaseURL: functions.config().firebase.databaseURL});

阻止更新的安全规则:

"downloads": {
  "$key": {
    ".write": "data.val() == null"
  }
}

用户将数据插入其中,push然后/downloadsCloud Function 尝试更新并随后删除。即使管理员帐户应该绕过包括验证在内的所有安全规则,这两项操作都会失败。

FIREBASE WARNING: update at /downloads/-Kexz33ljYjKblF_ZgUo failed: permission_denied
FIREBASE WARNING: set at /downloads/-Kexz33ljYjKblF_ZgUo failed: permission_denied

如果我将规则更改为此,第一个错误(更新)会消失:

"downloads": {
  "$key": {
    ".write": "newData.child('uid').val() == auth.uid"
  }
}

更新

解决方法是重新定义event.data.ref

ref = admin.database().ref(event.data.ref.path.toString())
4

1 回答 1

15

Within the event.data object returned to your Cloud Function's onWrite() callback, there are two types of Database references: one that is scoped to to the same permissions as the user who triggered the write (event.data.ref) and one that is scoped with admin rights, granting full read and write access (event.data.adminRef). I can't tell since you didn't provide a code sample showing your Cloud Function, but I bet you are using event.data.ref. Switching to use event.data.adminRef should resolve your problem.

于 2017-03-12T17:55:21.853 回答