Firestore Database Rules and Structure for sharing Documents between users


Problem description

I'm trying to create an application which allows users to collaborate on lists. Every user needs to be invited in order to be able to work on the list.

I structured my data like that (loosely based on this blog post). Also this structure can be changed if needed.

list
  list_1:
    users:
      owner:
        owner@company.com: true
      shared:
        user@company.com: true
        user2@company.com: true
    id
    name
    items:
      item_1:
        id:
        name:
      ...

What I'm trying to achieve: Everyone should be able to create lists. The creator then becomes the owner of the created list. Only the owner and users in the "shared" document should be able to read and write to this list.

I guess that the permission settings should look something like this. But this isn't working:

service cloud.firestore {
  match /databases/{database}/documents {
    match /lists/{listId}/{anything=**} {
        allow read, write: if !exists(resource.data.users.owner) ||
                               resource.data.users.owner == request.auth.token.email ||
                               request.auth.token.email in resource.data.users.shared
    }
  }
}

Recommended answer

I was able to figure it out.

I changed the data structure to this:

list
  list_1
    owner: owner@company.com
    writeAccess: [user1@company.com, user2@company.com]
    id
    name
    items:
      item_1:
        id:
        name:
      ...

Then the database rules like this are working:

service cloud.firestore {
  match /databases/{database}/documents {
    match /lists/{listId} {
      // Allow RW on lists for owner, shared user or for everyone if it's a new list
      allow read, write: if resource.data.owner == request.auth.token.email ||
                            request.auth.token.email in resource.data.writeAccess ||
                            !exists(/databases/$(database)/documents/lists/$(listId))
    }
    match /lists/{listId}/items/{itemId} {
      // Allow RW on item for owner or shared user of parent list
      allow read, write: if get(/databases/$(database)/documents/lists/$(listId)).data.owner == request.auth.token.email ||
                            request.auth.token.email in get(/databases/$(database)/documents/lists/$(listId)).data.writeAccess ||
                            !exists(/databases/$(database)/documents/lists/$(listId)) // Needed for new lists. Because lists and items are created in a batch
    }
  }
}
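
A tightened variant of the rules above, added here as an example and not part of the original answer: the `!exists(...)` branch carries no `request.auth` check and `write` also covers update and delete, so this version splits the operations, makes the creator name themselves as owner, and uses `getAfter()` for items written in the same batch as their list. The `email_verified` check and the helper function names (`signedIn`, `canAccess`, `listData`, `listDataAfter`) are assumptions, not taken from the page.

```firestore
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: only verified emails count as an identity. The page's
    // rules compare the raw email claim without this check.
    function signedIn() {
      return request.auth != null && request.auth.token.email_verified == true;
    }

    // Caller is the owner or is listed in writeAccess (fields from the answer).
    function canAccess(data) {
      return signedIn() &&
             (data.owner == request.auth.token.email ||
              request.auth.token.email in data.writeAccess);
    }

    // Parent list as currently stored.
    function listData(listId) {
      return get(/databases/$(database)/documents/lists/$(listId)).data;
    }

    // Parent list as it will look once the pending batch commits.
    function listDataAfter(listId) {
      return getAfter(/databases/$(database)/documents/lists/$(listId)).data;
    }

    match /lists/{listId} {
      // New list: the caller must set themselves as owner.
      allow create: if signedIn() &&
                       request.resource.data.owner == request.auth.token.email;
      allow read: if canAccess(resource.data);
      // Owner and shared users may edit, but not reassign ownership.
      allow update: if canAccess(resource.data) &&
                       request.resource.data.owner == resource.data.owner;
      allow delete: if signedIn() &&
                       resource.data.owner == request.auth.token.email;
    }

    match /lists/{listId}/items/{itemId} {
      allow read, update, delete: if canAccess(listData(listId));
      // Items batched with a new list pass because getAfter() sees that list.
      allow create: if canAccess(listDataAfter(listId));
    }
  }
}
```

Because every write in a batch must pass its own rule, the list's `create` rule still has to succeed before any item in that batch is accepted.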
