Firestore安全规则,嵌套字段 [英] Firestore security rules, nested field
问题描述
我们的数据库结构如下:
Our database structure looks like that:
trips
12345
toArea
radius: 150
name: "citycenter"
54321
toArea
radius: 250
name: "main street"
我们试图创建一些规则来读取文档:
We tried to create some rules for read from document:
match /chats/{trip} {
match /messages/{message} {
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null
}
}
没问题
但下一条规则不起作用:
but next rules doesn't works:
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea.radius != null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea.radius == null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea["radius"] == null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea["radius"] != null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data["toArea.radius"] == null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data["toArea.radius"] != null
我真的不明白这是怎么回事,两个相反的规则(== null/!= null)怎么可能不起作用.我们如何使用规则中的 toArea.radius 字段进行管理?
I really don't understand what wrong with it, how could two opposite rules (==null / != null) doesn't work. How could we manage with fields toArea.radius in rules?
推荐答案
编辑(12/18/17):现在,它们都已修复,因此应该可以正常工作.
EDIT (12/18/17): These are both now fixed, so this should Just Work™.
正如@hatboysam所说,您当前遇到了两个我们正在迅速修复的错误:
As @hatboysam mentioned, you're currently hitting two bugs that we're working quickly to fix:
-
get().data
仅在规则中某处引用resource.data
或request.resource.data
时有效(我们曾经支持get()
而不使用data
来返回resource
,但这最终带来了问题,因此在发行前就进行了更改). - 嵌套属性(例如
toArea.radius
)已损坏.
get().data
only works if there's a reference toresource.data
orrequest.resource.data
somewhere in your rules (we used to supportget()
returning theresource
without usingdata
, but this ended up being problematic so it was changed right before release).- Nested properties (e.g.
toArea.radius
) are broken.
1很容易解决:
match /chats/{trip} {
match /messages/{message} {
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null
}
}
match /bogusPathThatWillNeverMatch {
allow read: if resource.data != null; // should never be true
}
1和2都将很快修复,因此请继续关注分辨率.
Both 1 and 2 will be fixed shortly, so stay tuned for resolution.
这篇关于Firestore安全规则,嵌套字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!