Firestore 安全规则:如何验证字段未定义? [英] Firestore security rules: How to validate that a field is undefined?

问题描述

当用户注册并在 firestore 中初始化他们的数据时，我想验证他们没有尝试设置他们的角色(例如，他们没有将其设置为管理员").

When a user signs up and they initialise their data in firestore, I want to validate that they aren't attempting to set their role (i.e. so they're not setting it to 'admin' for example).

我试着写这个:

match /users/{userId} {
  allow create: if (signedInAs(userId) && !request.resource.data.role) || isAdmin();
  ...

...但我只看到对象上的属性角色未定义."

...but I just see "Property role is undefined on object."

有没有办法安全地做到这一点?或者这是否意味着我应该总是初始化预期的字段，即使它只是空字符串?这似乎不太符合 NoSQL 的理念?

Is there a way to do this safely? Or does this mean I should always be initialising expected fields, even if it's just to the empty string? That doesn't seem to quite fit with the philosophy of NoSQL?

推荐答案

使用 in 运算符来确定对象的属性是否不存在.

Use the in operator to find out if a property of an object doesn't exist.

!("role" in request.resource.data)

这会产生一个布尔值.在 Map 类型的规则 API 文档中查看它.

This yields a boolean. See it in the rules API docs for the Map type.

这篇关于Firestore 安全规则:如何验证字段未定义?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！