Javascript Firebase 权限被拒绝
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/37403747/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Firebase Permission Denied
提问by Robert Prine
I'm relatively new to coding and am having trouble.
我对编码比较陌生,遇到了麻烦。
I have this code to send data to firebase
我有这个代码可以将数据发送到 firebase
app.userid = app.user.uid
var userRef = app.dataInfo.child(app.users);
var useridRef = userRef.child(app.userid);
useridRef.set({
locations: "",
theme: "",
colorScheme: "",
food: ""
});
However, I keep getting the error:
但是,我不断收到错误消息:
FIREBASE WARNING: set at /users/(GoogleID) failed: permission_denied 2016-05-23 22:52:42.707 firebase.js:227 Uncaught (in promise) Error: PERMISSION_DENIED: Permission denied(…)
FIREBASE WARNING: set at /users/(GoogleID) failed: permission_denied 2016-05-23 22:52:42.707 firebase.js:227 Uncaught (in promise) Error: PERMISSION_DENIED: Permission denied(...)
When I try to look this up it talks about rules for Firebase, which seems to be in a language that I haven't learned yet (or it is just going over my head). Can someone explain what is causing the issue? I thought it was that I was asking for it to store email and user display name and you just weren't allowed to do this, but when I took those out I still had the same problem. Is there a way to avoid this error without setting the rules, or are rules something I can teach myself how to write in a day, or am I just way out of my league?
当我尝试查找它时,它谈到了 Firebase 的规则,这似乎是一种我还没有学过的语言(或者它只是让我无法理解)。有人可以解释导致问题的原因吗?我以为是我要求它存储电子邮件和用户显示名称,而您不允许这样做,但是当我将它们取出时,我仍然遇到同样的问题。有没有办法在不设定规则的情况下避免这个错误,或者规则是我可以在一天内教自己如何写的东西,或者我只是脱离了我的联盟?
Thanks for any help!
谢谢你的帮助!
回答by Frank van Puffelen
By default the database in a project in the Firebase Consoleis only readable/writeable by administrative users (e.g. in Cloud Functions, or processes that use an Admin SDK). Users of the regular client-side SDKs can't access the database, unless you change the server-side security rules.
默认情况下,Firebase 控制台中项目中的数据库只能由管理用户读取/写入(例如在 Cloud Functions 或使用 Admin SDK 的进程中)。除非您更改服务器端安全规则,否则常规客户端 SDK 的用户无法访问数据库。
You can change the rules so that the database is only readable/writeable by authenticated users:
您可以更改规则,以便只有经过身份验证的用户才能读取/写入数据库:
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
See the quickstart for the Firebase Database security rules.
请参阅Firebase 数据库安全规则的快速入门。
But since you're not signing the user in from your code, the database denies you access to the data. To solve that you will either need to allow unauthenticated access to your database, or sign in the user before accessing the database.
但是由于您没有通过代码登录用户,因此数据库拒绝您访问数据。要解决这个问题,您需要允许未经身份验证的数据库访问,或者在访问数据库之前登录用户。
Allow unauthenticated access to your database
允许未经身份验证访问您的数据库
The simplest workaround for the moment (until the tutorial gets updated) is to go into the Database panel in the console for you project, select the Rules tab and replace the contents with these rules:
目前最简单的解决方法(直到教程更新)是进入您项目的控制台中的数据库面板,选择规则选项卡并用以下规则替换内容:
{
"rules": {
".read": true,
".write": true
}
}
This makes your new database readable and writeable by anyone who knows the database's URL. Be certain to secure your database again before you go into production, otherwise somebody is likely to start abusing it.
这使得知道数据库 URL 的任何人都可以读取和写入您的新数据库。在投入生产之前一定要再次保护您的数据库,否则有人可能会开始滥用它。
Sign in the user before accessing the database
在访问数据库之前先登录用户
For a (slightly) more time-consuming, but more secure, solution, call one of the signIn...methods of Firebase Authenticationto ensure the user is signed in before accessing the database. The simplest way to do this is using anonymous authentication:
对于(稍微)更耗时但更安全的解决方案,请调用Firebase 身份验证的signIn...方法之一以确保用户在访问数据库之前已登录。最简单的方法是使用匿名身份验证:
firebase.auth().signInAnonymously().catch(function(error) {
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
// ...
});
And then attach your listeners when the sign-in is detected
然后在检测到登录时附加您的听众
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
// User is signed in.
var isAnonymous = user.isAnonymous;
var uid = user.uid;
var userRef = app.dataInfo.child(app.users);
var useridRef = userRef.child(app.userid);
useridRef.set({
locations: "",
theme: "",
colorScheme: "",
food: ""
});
} else {
// User is signed out.
// ...
}
// ...
});
回答by just-be-weird
I was facing similar issue and found out that this error was due to incorrect rules set for read/write operations for real time database. By default google firebase nowadays loads cloud store not real time database. We need to switch to real time and apply the correct rules.
我遇到了类似的问题,发现这个错误是由于为实时数据库的读/写操作设置的规则不正确。默认情况下,现在 google firebase 加载云存储而不是实时数据库。我们需要切换到实时并应用正确的规则。
As we can see it says cloud Firestore not real time database, once switched to correct database apply below rules:
正如我们所看到的,它说云 Firestore 不是实时数据库,一旦切换到正确的数据库应用以下规则:
{
"rules": {
".read": true,
".write": true
}
}
回答by lilhamad
Go to the "Database" option you mentioned.
转到您提到的“数据库”选项。
- There on the Blue Header you'll find a dropdown which says Cloud Firestore Beta
- Change it to "Realtime database"
- Go to Rules and set .write .read both to true
- 在蓝色标题上,您会找到一个下拉菜单,上面写着 Cloud Firestore Beta
- 将其更改为“实时数据库”
- 转到规则并将 .write .read 都设置为 true
Copied from here.
从这里复制。
回答by Jaywant Narwade
Go to database, next to title there are 2 options:
转到数据库,标题旁边有两个选项:
Cloud Firestore, Realtime database
Cloud Firestore,实时数据库
Select Realtime database and go to rules
选择实时数据库并转到规则
change rules to true.
将规则更改为 true。
This solved my problem.
这解决了我的问题。
回答by Anindya Sankar Dasgupta
- Open firebase, select database on the left hand side.
- Now on the right hand side, select [Realtime database] from the dropdown and change the rules to: { "rules": { ".read": true, ".write": true } }
- 打开firebase,在左侧选择数据库。
- 现在在右侧,从下拉列表中选择 [实时数据库] 并将规则更改为:{ "rules": { ".read": true, ".write": true } }
it works..!!
有用..!!
回答by Parampal Pooni
Another solution is to actually create or login the user automatically if you already have the credentials handy. Here is how I do it using Plain JS.
另一种解决方案是,如果您已经手头有凭据,则实际自动创建或登录用户。这是我如何使用普通 JS 做到这一点。
function loginToFirebase(callback)
{
let email = '[email protected]';
let password = 'xxxxxxxxxxxxxx';
let config =
{
apiKey: "xxx",
authDomain: "xxxxx.firebaseapp.com",
projectId: "xxx-xxx",
databaseURL: "https://xxx-xxx.firebaseio.com",
storageBucket: "gs://xx-xx.appspot.com",
};
if (!firebase.apps.length)
{
firebase.initializeApp(config);
}
let database = firebase.database();
let storage = firebase.storage();
loginFirebaseUser(email, password, callback);
}
function loginFirebaseUser(email, password, callback)
{
console.log('Logging in Firebase User');
firebase.auth().signInWithEmailAndPassword(email, password)
.then(function ()
{
if (callback)
{
callback();
}
})
.catch(function(login_error)
{
let loginErrorCode = login_error.code;
let loginErrorMessage = login_error.message;
console.log(loginErrorCode);
console.log(loginErrorMessage);
if (loginErrorCode === 'auth/user-not-found')
{
createFirebaseUser(email, password, callback)
}
});
}
function createFirebaseUser(email, password, callback)
{
console.log('Creating Firebase User');
firebase.auth().createUserWithEmailAndPassword(email, password)
.then(function ()
{
if (callback)
{
callback();
}
})
.catch(function(create_error)
{
let createErrorCode = create_error.code;
let createErrorMessage = create_error.message;
console.log(createErrorCode);
console.log(createErrorMessage);
});
}
回答by Ond?ej Bauer
OK, but you don`t want to open the whole realtime database! You need something like this.
好的,但是您不想打开整个实时数据库!你需要这样的东西。
{
/* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
"rules": {
".read": "auth.uid !=null",
".write": "auth.uid !=null"
}
}
or
或者
{
"rules": {
"users": {
"$uid": {
".write": "$uid === auth.uid"
}
}
}
}
