使用身份验证名称的特定用户的Firestore写入安全规则 [英] Firestore write security rule for specific user using auth names
问题描述
Firestore安全规则的新手,正在尝试理解它.我正在尝试编写一条安全规则,该规则仅允许我集合中的 admins
写入数据,而每个人都可以读取数据.
New to Firestore security rules and is trying to understand it. I'm trying to write a security rule that allow only admins
in my collection to write data and every one to read it.
admins
的集合具有文档ID作为管理员名称,例如"Mary Lane".在我拥有的文档中:
The collection of admins
has document ids as admin names, that is for example, "Mary Lane". Within the documents I've fields:
email: "userMailId@mail.com"
uId: "firestore_user_Id"
uId
是Firestore用户ID的ID.要写入的数据是对象 Message
,并且是:
The uId
is the id of Firestore user id. The data to write is an object Message
and is:
new Message(uId, title, messageBody, timestamp)
当前,我正在尝试将 request.auth.uid
与存储在集合中的 admins
的ID匹配:
Currently I'm trying to match the request.auth.uid
with the id of the admins
that are stored within the collection:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read;
allow write: if request.auth.uid == resource.data.uId;
}
}
}
这是写信还是我做错了什么.感谢您的帮助.
Is this is write or am I doing something wrong. Any help is appreciated.
推荐答案
由于此规则中不提供管理员名称,因此允许写入:if request.auth.uid == resource.data.uId;
,则无法查找文档以检查其是否为管理员.
Since the admin's name is not available in this rule allow write: if request.auth.uid == resource.data.uId;
, there is no way to look up the document to check it they're an admin.
您将需要一个集合,其中您需要为每个管理员保留一个文档,并以其UID作为文档密钥/名称.有了这些文件后,您可以使用以下方法检查规则中是否存在此类文件:
You'll need a collection where you keep a document for each admin with their UID as the document key/name. Once you have that, you can check for the existence of such a document in the rule with:
allow write: if exists(/databases/$(database)/documents/admins/$(request.auth.uid));
另请参阅有关访问其他文档的文档.
这篇关于使用身份验证名称的特定用户的Firestore写入安全规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!