Firestore安全规则，嵌套字段 [英] Firestore security rules, nested field

问题描述

我们的数据库结构如下:

Our database structure looks like that:

trips
   12345
      toArea
         radius: 150
         name: "citycenter"
   54321
      toArea
         radius: 250
         name: "main street"

我们试图创建一些规则来读取文档:

We tried to create some rules for read from document:

match /chats/{trip} {
    match /messages/{message} {
       allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null
    }
}

没问题

但下一条规则不起作用:

but next rules doesn't works:

allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea.radius != null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea.radius == null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea["radius"] == null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea["radius"] != null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data["toArea.radius"] == null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data["toArea.radius"] != null

我真的不明白这是怎么回事，两个相反的规则(== null/！= null)怎么可能不起作用.我们如何使用规则中的 toArea.radius 字段进行管理?

I really don't understand what wrong with it, how could two opposite rules (==null / != null) doesn't work. How could we manage with fields toArea.radius in rules?

推荐答案

编辑(12/18/17):现在，它们都已修复，因此应该可以正常工作.

EDIT (12/18/17): These are both now fixed, so this should Just Work™.

正如@hatboysam所说，您当前遇到了两个我们正在迅速修复的错误:

As @hatboysam mentioned, you're currently hitting two bugs that we're working quickly to fix:

1. get().data 仅在规则中某处引用 resource.data 或 request.resource.data 时有效(我们曾经支持 get()而不使用 data 来返回 resource ，但这最终带来了问题，因此在发行前就进行了更改).
2. 嵌套属性(例如 toArea.radius )已损坏.

1. get().data only works if there's a reference to resource.data or request.resource.data somewhere in your rules (we used to support get() returning the resource without using data, but this ended up being problematic so it was changed right before release).
2. Nested properties (e.g. toArea.radius) are broken.

1很容易解决:

match /chats/{trip} {
    match /messages/{message} {
       allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null
    }
}
match /bogusPathThatWillNeverMatch {
  allow read: if resource.data != null; // should never be true
}

1和2都将很快修复，因此请继续关注分辨率.

Both 1 and 2 will be fixed shortly, so stay tuned for resolution.

这篇关于Firestore安全规则，嵌套字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！