Firestore write security rule for specific user using auth names

Problem description

New to Firestore security rules and trying to understand them. I'm trying to write a security rule that allows only admins in my collection to write data and everyone to read it.

The collection of admins has document ids as admin names, that is, for example, "Mary Lane". Within the documents I have the fields:

email: "userMailId@mail.com"
uId: "firestore_user_Id"

The uId is the Firestore user id. The data to write is a Message object:

new Message(uId, title, messageBody, timestamp)

Currently I'm trying to match the request.auth.uid with the id of the admins that are stored within the collection:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read;
      allow write: if request.auth.uid == resource.data.uId;
    }
  }
}

Is this right or am I doing something wrong? Any help is appreciated.

Recommended answer

Since the admin's name is not available in this rule allow write: if request.auth.uid == resource.data.uId;, there is no way to look up the document to check if they're an admin.

You'll need a collection where you keep a document for each admin with their UID as the document key/name. Once you have that, you can check for the existence of such a document in the rule with:

allow write: if exists(/databases/$(database)/documents/admins/$(request.auth.uid));

Also see the documentation on accessing other documents.
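The answer's exists() check placed in a full ruleset, as an added example that is not code from the question or the answer. It assumes the messages live in a collection named messages (a hypothetical name) and that admins has been re-keyed by UID as the answer describes; the uId check on create and the locked-down admins collection are added hardening choices, not requirements stated on this page.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True when the caller is signed in and a document keyed by their UID
    // exists in /admins. exists() is evaluated by the rules engine itself,
    // so it works even though clients cannot list or write /admins below.
    function isAdmin() {
      return request.auth != null
          && exists(/databases/$(database)/documents/admins/$(request.auth.uid));
    }

    // "messages" is an assumed collection name for the Message objects.
    match /messages/{messageId} {
      // Everyone may read, signed in or not.
      allow read;

      // Only admins may create, and the uId field they submit must be their
      // own UID. request.resource is the incoming document; resource (used
      // in the question's rule) is the document already stored.
      allow create: if isAdmin()
          && request.resource.data.uId == request.auth.uid;

      // Only admins may change or remove existing messages.
      allow update, delete: if isAdmin();
    }

    // Admin list: a signed-in user can read only their own entry, and no
    // client can write here. Entries are maintained from the Firebase
    // console or a server using the Admin SDK, which bypasses these rules.
    match /admins/{adminUid} {
      allow read: if request.auth != null && request.auth.uid == adminUid;
      allow write: if false;
    }
  }
}
```

Scoping the rules to named collections instead of match /{document=**} keeps the email field in admins out of the public read rule and prevents a client from adding itself to the admin list.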
