访问Firestore规则中的父文档字段 [英] Access parent documents field in Firestore rules

问题描述

我正在Firestore中实现一本食谱书，每个用户都可以查看所有用户创建的所有食谱，但只允许食谱的原始作者编辑或删除该食谱.任何用户都可以创建一个新配方.

I'm implementing a recipe book in Firestore where every user is able to see all the recipes all users created but only the original author of the recipe is allowed to edit or delete the recipe. Any user is also allowed to create a new recipe.

我的问题是我无法设置子集合的权限以监听"子集合父文档的字段.

My problem is that I am unable to setup the permissions a subcollection to "listen" on a field of the subcollections parentdocument.

每个配方文档包含三样东西.存储食谱名称的名为name的字段，存储创建者uid的request.auth.uid的名为creatorUID的字段以及包含带有一些随机字段的文档的名为ingredients的子集合.

Each recipe document contains three things. A field called name where the name of the recipe is stored, a field called creatorUID where the request.auth.uid of the creators uid is stored and a subcollection called ingredients containing documents with some random fields.

service cloud.firestore {
  match /databases/{database}/documents {

    function isSignedIn() {
      return request.auth != null;
    }

    match /ListOfRecipes/{recipe} {
        allow read, create: if isSignedIn();
        allow update, delete: if resource.data.creatorUID == request.auth.uid;

        match /{list=**} {
            allow read: if isSignedIn();
            // Should return true if recipe.creatorUID has same value as request.auth.uid
            allow write: if recipe.creatorUID == request.auth.uid;
        }
    }
  }
}

问题在于，使用这些规则只能创建配方文档.由于数据库提示，因此不会创建子集合及其文档

The problem is that with these rules it only works to create the recipe document. The subcollection and it's documents are not created since the db says

FirebaseError:[code = permission-denied]:缺少权限或权限不足. FirebaseError:缺少权限或权限不足.

FirebaseError: [code=permission-denied]: Missing or insufficient permissions. FirebaseError: Missing or insufficient permissions.

调用是从Angular客户端及其官方库中进行的.

The calls is made from Angular client and it's official library.

推荐答案

规则不会级联，因此您需要对规则捕获的文档进行所需的任何检查.

Rules don't cascade, so you'll need to perform whatever checks you need for the document being captured by the Rules.

通常来说，{x=**}规则通常是一个错误，=**的用法仅用于非常特定的用例.

Generally speaking, {x=**} rules are more often a mistake and the usage of =** only for extremely specific use cases.

根据您的问题，我假设您的数据模式是这样的:

From your question, I'm assuming your data mode is something like this:

/ListofRecipes/{recipe_document}/List/{list_document}

在这种情况下，您需要将规则配置如下:

In this case, you'll need your Rules to be configured something like this:

service cloud.firestore {
  match /databases/{database}/documents {

    function isSignedIn() {
      return request.auth != null;
    }

    match /ListOfRecipes/{recipe} {
        allow read, create: if isSignedIn();
        allow update, delete: if resource.data.creatorUID == request.auth.uid;

        function recipeData() {
            return get(/databases/$(database)/documents/ListOfRecipes/$(recipe)).data
        }

        match /List/{list} {
            allow read: if isSignedIn();
            allow write: if recipeData().creatorUID == request.auth.uid;
        }
    }
  }
}

这篇关于访问Firestore规则中的父文档字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！