在Firestore规则中使用参考数据类型 [英] Using the reference data type in Firestore Rules
问题描述
我想定义一个规则,该规则只允许用户更新自己的商品,而管理员只能更新所有商品.
I want to define a rule that allows a user only to update his own items and an admin to update all.
作为 uid_of_logged_in_administrator
,我应该能够同时更新 items/item__1
和 items/item__2
-这可行.
As uid_of_logged_in_administrator
I should be able to update both items/item__1
and items/item__2
- this works.
作为 uid_of_logged_in_user
的用户,应该允许我更新 items/item__1
,但不能更新 items/item__2
-这不是.
As uid_of_logged_in_user
I should be allowed to update items/item__1
but not items/item__2
- this does not.
显然,问题是我不知道规则中的数据类型[ Cloud Firestore引用].
Obviously the problem is I do not know what the data type [Cloud Firestore references] represents in rules.
我已经阅读了有关规则的文档,并尝试了不同的事情.
I've read through the documentation on rules and been trying different things.
if request.auth.uid == resource.data.owner | false
if request.auth.uid == resource.data.owner.id | false
if request.auth.uid == resource.data.owner.__id__ | false
if resource.data.owner is string | false
if resource.data.owner is path | true
if resource.data.owner == path('users/uid_of_logged_in_user') | false
if request.auth.uid == resource.data.owner[6] | false
所以看来resource.data.owner是一个路径.
So it seems that the resource.data.owner is a path.
但是我如何获得此参考的ID?
创建该引用的原因之一是owner属性可以是一个框,也可以是一个用户.例如. {所有者:'/users/uid_of_logged_in_user'}
, {所有者:'/boxes/box__1'}
One of my reasons for creating this reference is then the owner property can either be a box or an user. eg. {owner: '/users/uid_of_logged_in_user'}
, {owner: '/boxes/box__1'}
我当然可以只将用户uid的属性作为字符串添加到项目中,而不是作为引用.但是然后,我需要为框或用户作为所有者具有两个不同的属性.
I could of course just add a property with the users uid as a string to the item instead of as a reference. But then i would need to have two diffrent properties for box or user as owner.
service cloud.firestore {
match /databases/{database}/documents {
function isAdmin() {
return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "admin";
}
function isAuth() {
return request.auth.uid != null;
}
match /users/{uid} {
allow read: if isAuth();
allow write: if isAdmin();
}
match /items/{umbId} {
allow read: if isAuth();
// THIS IS THE ISSUE. IT DOESENT WORK.
allow update: if request.auth.uid == resource.data.owner
allow write: if isAdmin();
}
}
}
我的数据库结构如下
users
# documentid(uid_of_logged_in_user)
- name: 'My name' // string
- address: 'My address' // string
# documentid(uid_of_logged_in_administrator)
- name: 'Another one' // string
- address: 'His address' // string
- role: 'admin'
items
# documentid(item__1)
- owner: 'users/uid_of_logged_in_user' // reference
- name: 'The first item' // string
# documentid(item__2)
- owner: 'users/uid_of_logged_in_administrator' // reference
- name: 'The first item' // string
boxes
# documentid(box__1)
- name: 'First Box' // string
documentid(box__2)
- name: 'Second box' // string
推荐答案
如果resource.data.owner ==/databases/$(database)/documents/users/$(uid_of_logged_in_user)
应该起作用
这篇关于在Firestore规则中使用参考数据类型的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!