所以我在我的代码中运行条纹支付方法,它产生错误index.cjs.js:409 Uncaught (in promise) FirebaseError: Missing or insufficient permissions.
我已经允许权限并将我的计划升级到firebase上的blaze计划以允许条带连接,但它仍然给我错误…有人有什么建议吗?以下是我的firebase规则:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /environments/{environment}/companies/{userId} {
allow write, read: if request.auth.uid == userId;
match /{anySubCollection}/{anyDocument} {
allow write, read: if request.auth.uid == userId;
}
match /customers/{uid} {
allow read: if request.auth.uid == uid;
match /checkout_sessions/{id} {
allow read, write: if request.auth.uid == uid;
}
match /subscriptions/{id} {
allow read: if request.auth.uid == uid;
}
}
match /products/{id} {
allow read: if true;
allow write: if false;
match /prices/{id} {
allow read: if true;
allow write : if false;
}
match /tax_rates/{id} {
allow read: if true;
}
}
}}}
这是我尝试访问文档并编写实际代码的代码:
import firebase from 'firebase'
import getStripe from './stripe'
const firestore = firebase.firestore();
export async function createCheckoutSession(){
// return firestore.collection()
const checkoutSessionRef = await firestore.collection('testdata').doc().collection('checkout_sessions').add(
{price : price here
success_url : window.location.origin,
cancel_url: window.location.origin,
}
);
checkoutSessionRef.onSnapshot(async (snap) => {
const {sessionid} = snap.data();
if (sessionid) {
const stripe = await getStripe()
stripe.redirectToCheckout({sessionid})
}
});
}
您的规则没有任何条目与名为"testdata"的集合匹配。如果没有匹配,默认的行为是拒绝访问,这就是为什么你会得到一个错误。
我认为你的规则中可能有一些放错位置的大括号。您已经对它进行了设置,以便所有内容都嵌套在match /environments/{environment}/companies/{userId} {
的规则中。我想你的意思是在"客户"规则之前关闭那个规则。
即使解决了这个问题,仍然没有"testdata"条目,所以您需要将其添加进去。例如:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /environments/{environment}/companies/{userId} {
allow write, read: if request.auth.uid == userId;
match /{anySubCollection}/{anyDocument} {
allow write, read: if request.auth.uid == userId;
}
}
match /testdata/{uid} {
allow read: if request.auth.uid == uid;
match /checkout_sessions/{id} {
allow read, write: if request.auth.uid == uid;
}
}
// ..
}
}
或者,也许你想访问的是"客户";收集。在这种情况下,您不需要更改规则(除了右括号),您需要更改代码:
const checkoutSessionRef = await firestore.collection('customers').doc().collection('checkout_sessions').add(
编辑Cloud Firestore的规则,然后提交发布按钮
代码
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if true;
}
}
}