Firebase 云存储规则可以针对 Firestore 数据进行验证吗? [英] Can Firebase Cloud Storage rules validate against Firestore data?

问题描述

我们可以使用 Firestore 数据授予或限制对 Firebase Cloud Storage 上托管的文件的访问权限吗?

Can we use Firestore data to grant or restrict access to files hosted on Firebase Cloud Storage?

我想用作 Firebase 安全规则的示例

Exemple of what I would like to use as Firebase Security Rule

allow write: if get(/databases/mydbname/documents/guilds/$(guildID)).data.users[(request.auth.uid)] in ["Admin", "Member"];

推荐答案

目前无法从其他产品的安全规则内访问不同的 Firebase 产品.请参阅:是否有一种方法可以进行身份​​验证Firebase 存储规则中的用户角色?

There is currently no way to access different Firebase products from within the security rules of another product. See: is there a way to authenticate user role in firebase storage rules?

但您似乎正在尝试检查用户的组成员身份.我建议您不要在数据库中查找组成员身份，而是将其建模为所谓的自定义声明.您将使用 Firebase Admin SDK 将声明user {uid} is a member of group {guild1}"设置为用户配置文件:

But it seems like you are trying to check group-membership of the user. Instead of looking that group-membership up in the database, I recommend that you model it as a so-called custom claim. Instead of (or in addition to) writing the membership to the database, you'll set the claim "user {uid} is a member of group {guild1}" into the user profile using the Firebase Admin SDK:

admin.auth().setCustomUserClaims(uid, {guild1: true}).then(() => {
  // The new custom claims will propagate to the user's ID token the
  // next time a new one is issued.
});

完成后，您可以在安全规则中检查公会成员:

With that done, you can check the guild membership in the security rules:

allow read: if request.auth.token.guild1 == true;

(我不确定您是否/如何将公会成员资格建模为地图，如果情况确实如此，我会更新此答案.)

(I'm not sure if/how you can model the guild membership as a map, I'll update this answer if that turns out to be the case.)

这篇关于Firebase 云存储规则可以针对 Firestore 数据进行验证吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！