收集组查询是否需要{path = **}? [英] Is {path=**} necessary for collection group queries?

问题描述

我通读了收藏组查询文档和我想知道是否必须使用递归通配符(rules_version = '2'){path=**} 才能使收集组查询正常工作.

I read through the collection group query documentation and was wondering if the recursive wildcard (rules_version = '2') {path=**} was mandatory in order for collection group queries to work.

我会给你一个例子(根据文档中的例子):

I will give you an example (following the example from the documentation):

• 数据库使用带有不同论坛的forums集合.

每个论坛可以有多个posts.

这将导致以下结构:forums/{forum}/posts/{post}.

以下两个摘录都将成功匹配所有帖子:

Both of the following snippets will successfully match all posts:

match /forums/{forum}/posts/{post} {
  allow list;
}

match /{path=**}/posts/{post} {
  allow list;
}

如果我正确理解了文档，则第一个match 不够不足以使posts上的收藏夹组查询正常工作.
我知道第二个match也将也与名称为posts的任何其他子集合相匹配.

If I understand the documentation correctly, the first match would not be enough in order for a collection group query on posts to work.
I understand that the second match will also match any other subcollection with the name posts.

第一个match是否足够?
如果不是，递归通配符{path=**}是否始终必须是顶级的，即直接在match /databases/{database}/documents中?该文档使它看起来确实如此.

Is the first match enough?
If not, does the recursive wildcard {path=**} always have to be top-level, i.e. directly in match /databases/{database}/documents? The documentation makes it look like it was the case.

推荐答案

文档表明您的第一个规则不足不允许帖子对集合组进行查询.

The documentation suggests that your first rule is not sufficient to allow a collection group query on posts.

在您的安全规则中，您必须通过为帖子收集组编写读取或列表规则来允许此[收集组]查询.

In your security rules, you must allow this [collection group] query by writing a read or list rule for the posts collection group.

match /{path=**}/posts/{post} {
  allow read: if request.auth.uid != null;
}

如果您要问是否可以使用安全性规则将集合组查询限制为一个称为帖子"的子集合的子集，那是不可能的.查询中将考虑所有称为帖子"的集合.这就是为什么通配符必须也在匹配路径的开头的原因，因为仍然有其他尝试来限制集合集.

If you're asking if security rules can be used to constrain a collection group query to a subset of subcollections called "posts", that is not possible. All collections called "posts" will be considered in the query. This is why the wildcard must also be at the beginning of the match path, because anything else would still be an attempt at constraining the set of collections.

这仅是主要规则的变体，即安全规则不是过滤器.他们既不能过滤用于常规查询的文档，也不能过滤用于集合组查询的集合.

This is all just a variation of the primary rule that security rules are not filters. They can neither filter documents for regular queries, nor collections for collection group queries.

该文档的确可以帮助您了解如何对数据建模，以便可以在客户端上应用过滤器，并将其与要搜索的文档中存在的字段进行匹配.客户端可能总是使用where子句来过滤结果，但它也必须匹配安全规则的约束.

The documentation does go further to help you understand how to model your data so that you can apply a filter on the client, and match that to fields that exist in the documents being search. The client may always filter results with a where clause, but it must also match the constraints of the security rules.

这篇关于收集组查询是否需要{path = **}?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！