Firestore创建文档(如果不存在安全规则) [英] Firestore create document if it doesn't exist security rule
问题描述
我试图编写一条规则,如果文档ID不存在,则创建一个新文档.我的对象是:
I was trying to write a rule that if the id of the document doesn't exist, then create a new document. My object is:
Message message = new Message(userId, title, messageBody, timestamp);
,并且我正在使用 WriteBatch 创建一个新文档并对其进行更新:
and I'm using WriteBatch to create a new document and updating the same:
mWriteBatch.set(mMessageRef.document(messageId), message);
mWriteBatch.update(mMessageRef.document(mIntentMessageId), // params...);
浏览文档和此网站后,我发现如果使用 create 方法,则仅
After browsing through the docs and this site I've found out that if I use create method, it only allows to write the data if it doesn't exist.
所以我创建了一个安全规则,例如:
So I created a security rule like:
match /messages/{message} {
allow read;
allow create: if isSignedIn();
allow update, delete: if isSignedIn();
}
isSignedIn()只是一种包含 request.auth!= null 的方法.该规则失败并覆盖数据.现在我尝试了:
isSignedIn() is just a method contianing request.auth != null. This rule fails and overwrites the data. Now I tried:
match /messages/{message} {
allow read;
allow create: if request.resource.id != message;
allow update, delete: if isSignedIn();
}
这一次它也会覆盖数据,而不显示错误.
This time also it overwrites the data instead of showing an error.
我在这里做错了什么?感谢您的帮助.
What am I doing wrong here? Any help is appreciated.
更新:正如JoséDavid Aroesti在评论中所述,我必须进行更改将其保存为 exists ,并删除 update 和 delete 以使其正常工作,并且从应用程序中反映出它应该执行的操作.但是我该如何更新和删除文档?
Update: As told by José David Aroesti in the comments, I have to change it to exists and remove update and delete to work properly and from the app it's reflecting what it's suppose to do. But then how would I update and delete a document?
例如,当我在Simulator中使用以下规则时,两个规则均按预期执行,但是当我从设备进行测试时,即使存在,我也始终可以创建一个文档:
For example, when I'm using the below rules in Simulator, both are being executed as expected but when I'm testing it from the device, I'm always able to create a document even if it exists:
allow create: if !exists(/databases/$(database)/documents/messages/$(message));
allow update: if get(/databases/$(database)/documents/messages/$(message)).data.timestamp
< request.resource.data.timestamp;
有可能吗?
推荐答案
您可以使用 exists()和 get()内置函数来验证是否文档已存在或正在访问该文档,以便您可以读取其数据.
You can use the exists() and get() built-in functions to verify if the document exists or to access the document so you can read its data.
在这种情况下,示例为:
In this case, an example would be:
match /messages/{message} {
allow read;
allow create: if !exists(/databases/$(database)/documents/messages/$(request.resource.id));
}
并且可能不建议使用@creativecreatoror,因此,您不应为 update 和 delete 指定 allow 表达式,以免数据被覆盖.
And as @creativecreatorormaybenot suggested, you should not specify allow expressions for update and delete so the data cannot be overwritten.
以下是文档的链接:
https://firebase.google.com/docs/firestore/security/rules-conditions#access_other_documents
https://firebase.google.com/docs/reference/rules/rules.firestore
这篇关于Firestore创建文档(如果不存在安全规则)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
