具有参考字段的Firestore安全规则 [英] Firestore security rules with reference fields
问题描述
我有点卡在这里,因为没有办法调试这些规则.感谢您提供以下规则的帮助.
I am a bit stuck here as there is no way to debug those rules. I'd appreciate help with below rules.
我要访问:
/modules/module-id/sessions/session-id/parts/
与hasCompletedPrerequisiteSession()的第一部分中的null进行比较的效果很好,而第二部分则不行!
The comparison with null in the first part of hasCompletedPrerequisiteSession() works well, the second part doesn't!
路径/modules/moduleId/sessions/sessionId/prerequisite指向参考字段.
service cloud.firestore {
match /databases/{database}/documents {
function hasCompletedPrerequisiteSession(moduleId,sessionId) {
// this part works well
return getPrerequisiteSession(moduleId,sessionId) == null ||
// !!! this part does not work !!!
hasCompleted(getPrerequisiteSession(moduleId,sessionId).id);
}
function getPrerequisiteSession(moduleId,sessionId) {
return get(/databases/$(database)/documents/modules/$(moduleId)/sessions/$(sessionId)).data.prerequisite;
}
function hasCompleted(sessionId) {
return exists(/databases/$(database)/documents/progress/$(request.auth.uid)/sessions/$(sessionId));
}
match /modules/{moduleId}/sessions/{sessionId}/parts/{partId} {
allow read: if hasCompletedPrerequisiteSession(moduleId,sessionId);
}
}
}
(如果我将会话ID作为字符串而不是对会话的引用存储,则可以正常工作.)
(If I store the session ID as a string instead of a reference to the session, it works fine.)
修改
问题
- 安全规则中的引用字段.假定
modules/moduleId/owner指向类型为reference的字段.获取引用文档ID的正确方法是什么?get(../modules/moduleId).data.owner.data.id或get(../modules/moduleId).data.owner或其他?
- Reference field in security rules. Assuming
modules/moduleId/ownerpoints to a field of the typereference. What is the proper way to get the id of the referenced document?get(../modules/moduleId).data.owner.data.idorget(../modules/moduleId).data.owneror something else?
推荐答案
从Firebase支持:
From Firebase support:
在您的用例中,您似乎想从参考字段的值(前提条件)中获取文档名称(sessionId),不幸的是, Firestore安全规则当前不支持此操作 .我建议您仅将sessionId作为String存储在prerequisite字段中,或者也可以为sessionId添加String字段.请记住,exists()和get()函数仅允许您检查文档是否存在,或在给定路径下检索文档.
It seems that in your use case, you want to get the document name (sessionId) from the value of your reference field (prerequisite), unfortunately, this is not currently supported by Firestore security rules. I would suggest that you store only the sessionId as String on your prerequisite field, or you can also add String field for the sessionId. Keep in mind that the exists() and get() functions only allow you to check if a document exists, or retrieve the document at the given path.
这篇关于具有参考字段的Firestore安全规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
