基于Firebase Firestore时间戳的安全规则 [英] Firebase firestore timestamp based security rules
问题描述
在客户端,我正在使用"createdDate"字段之一创建文档.
On my client side I am creating a document with one of the fields "createdDate"
以下是来自Firestore模拟器的有效载荷
below is a payload from the firestore simulator
{
"__name__": "/databases/(default)/documents/billing/aaaa",
"data": {
"createdDate": 1529237500239,
"createdDateTimeFormat": "2018-06-12T07:00:00.000Z"
}
}
我试图设置安全规则,以确保将来不会创建"createdDate".
I tried to set the security rule to make sure the "createdDate" is not in the future.
service cloud.firestore {
match /databases/{database}/documents {
match /billing/{userId}{
allow create: if (request.resource.data.createdDate < request.time.toMillis());
}
}
}
这使访问被拒绝.
接下来,我尝试了以下引用时间戳格式的规则.这也会导致访问被拒绝.
Next, I tried the following rule referencing the Timestamp format. That gives access denied as well.
service cloud.firestore {
match /databases/{database}/documents {
match /billing/{userId}{
allow create: if (request.resource.data.createdDateTimeFormat < request.time);
}
}
}
推荐答案
request.time is of type Timestamp, as you can see from the rules reference documentation, but you're using it as a number.
您有两个选择.首先,您可以将createdDate字段更改为Timestamp类型的对象,这可能是更好的方法.
You have two options. First, you could change your createdDate field to a Timestamp type object, which is probably the better way to go.
如果必须将其保留为数字,则必须将 request.time 时间戳记对象转换为与您的数字的大小相匹配的数字.如果您的数字以纪元以来的毫秒数为单位,则可以使用 toMills()方法:
If you must leave it as a number, you'll have to convert the request.time Timestamp object to a number that matches the measurement of your number. If your number measured in milliseconds since epoch, you can use the toMills() method on it:
allow create: if (request.resource.data.createdDate < request.time.toMillis());
这篇关于基于Firebase Firestore时间戳的安全规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
