在Firestore规则中使用参考数据类型 [英] Using the reference data type in Firestore Rules

问题描述

我想定义一个规则，该规则只允许用户更新自己的商品，而管理员只能更新所有商品.

I want to define a rule that allows a user only to update his own items and an admin to update all.

作为 uid_of_logged_in_administrator ，我应该能够同时更新 items/item__1 和 items/item__2 -这可行.

As uid_of_logged_in_administrator I should be able to update both items/item__1 and items/item__2 - this works.

作为 uid_of_logged_in_user 的用户，应该允许我更新 items/item__1 ，但不能更新 items/item__2 -这不是.

As uid_of_logged_in_user I should be allowed to update items/item__1 but not items/item__2 - this does not.

显然，问题是我不知道规则中的数据类型[ Cloud Firestore引用].

Obviously the problem is I do not know what the data type [Cloud Firestore references] represents in rules.

我已经阅读了有关规则的文档，并尝试了不同的事情.

I've read through the documentation on rules and been trying different things.

if request.auth.uid == resource.data.owner                           | false
if request.auth.uid == resource.data.owner.id                        | false
if request.auth.uid == resource.data.owner.__id__                    | false
if resource.data.owner is string                                     | false
if resource.data.owner is path                                       | true
if resource.data.owner == path('users/uid_of_logged_in_user')        | false 
if request.auth.uid == resource.data.owner[6]                        | false

所以看来resource.data.owner是一个路径.

So it seems that the resource.data.owner is a path.

但是我如何获得此参考的ID?

创建该引用的原因之一是owner属性可以是一个框，也可以是一个用户.例如. {所有者:'/users/uid_of_logged_in_user'} ， {所有者:'/boxes/box__1'}

One of my reasons for creating this reference is then the owner property can either be a box or an user. eg. {owner: '/users/uid_of_logged_in_user'}, {owner: '/boxes/box__1'}

我当然可以只将用户uid的属性作为字符串添加到项目中，而不是作为引用.但是然后，我需要为框或用户作为所有者具有两个不同的属性.

I could of course just add a property with the users uid as a string to the item instead of as a reference. But then i would need to have two diffrent properties for box or user as owner.

service cloud.firestore {
  match /databases/{database}/documents {

    function isAdmin() {
      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "admin";
    }
    function isAuth() {
      return request.auth.uid != null;
    }

    match /users/{uid} {
      allow read:   if isAuth();
      allow write:  if isAdmin();
    }

    match /items/{umbId} {
      allow read:   if isAuth();
      // THIS IS THE ISSUE. IT DOESENT WORK.
      allow update: if request.auth.uid == resource.data.owner 
      allow write:  if isAdmin();
    }
  }
}

我的数据库结构如下

users 
  # documentid(uid_of_logged_in_user)
    - name: 'My name'                                           // string
    - address: 'My address'                                     // string
  # documentid(uid_of_logged_in_administrator)
    - name: 'Another one'                                       // string
    - address: 'His address'                                    // string
    - role: 'admin'

items
  # documentid(item__1)
    - owner: 'users/uid_of_logged_in_user'                      // reference
    - name: 'The first item'                                    // string
  # documentid(item__2)
    - owner: 'users/uid_of_logged_in_administrator'             // reference
    - name: 'The first item'                                    // string

boxes
  # documentid(box__1)
    - name: 'First Box'                                         // string
  documentid(box__2)
    - name: 'Second box'                                        // string

推荐答案

如果resource.data.owner ==/databases/$(database)/documents/users/$(uid_of_logged_in_user)应该起作用

这篇关于在Firestore规则中使用参考数据类型的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！