Firebase Firestore阻止客户端在文档中创建字段 [英] Firebase Firestore prevent client side creation of fields in a document

问题描述

我正在努力寻找一种解决方案，以防止客户端仅在其在Firestore中具有写访问权限的文档中创建具有值的随机字段.由于您无法像使用实时数据库那样限制对Firestore中单个字段的访问，因此这似乎很难实现.

I am struggling to find a solution to prevent clients from just creating random fields with values in a document where they have write access to in Firestore. Since you cannot restrict access to single fields in Firestore like you could with the realtime database, this seems hard to achieve.

一种解决方案可能是不允许创建字段，而只能让客户更新字段，但这意味着您必须为文档预创建字段，这在我看来并不是一个很好的解决方案，尤其是如果您有文档每个用户都是动态创建的，并且不得不使用云功能来预创建文档中的字段，这似乎是没有道理的.

A solution would maybe be to not allow creation of fields and just letting clients update fields, but this would mean you would have to precreate the fields for documents which is not really a good solution in my opinion, especially if you have documents per user, which are dynamically created and having to use cloud functions to precreate fields in a document just seems unjustified.

有人有更好的解决方案吗?

Does anyone have a better solution?

推荐答案

如Firebase Firestore文档中所述，您实际上可以阻止或允许在某些字段中进行写入或读取.这可以通过添加类似于以下内容的规则来实现:

As said in the Firebase Firestore documentation, you actually can prevent or allow writes or reads in certain fields. This can be achieved by adding a rule similar to this:

match /collection/{doc} {
  allow update: if request.resource.data.field == resource.data.field;
}

在更新后，基本上哪个字段将检查该特定字段是否具有完全相同的值.您还可以添加规则，以检查请求的值是否在范围内或等于(您的预定义值)之间.

Which would basically check if that specific field will have the exact same value after the update. You can also add rules to check if the requested value is between a range or equals to (your predefined value).

allow update: if request.resource.data.field > 0 && request.resource.data.field > 100;

这篇关于Firebase Firestore阻止客户端在文档中创建字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！