Trying to set up Cloud Firestore security rules using request.path


Question

I am struggling to get my head around some Firestore security concepts. I want to set up a rule based on the request.path property.

My rules look like this:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.path[0]=='appUsers';
    }
  }
}

...and I then use AngularFire2 to add a document like this...

this.myAngularFirestore.doc('/appUsers/'+this.auth.auth.currentUser.uid).set({name: this.auth.auth.currentUser.displayName})
      .then(()=>console.log('Added user'))
      .catch(err=>console.log('Could not add user:', err.message));

I thought this should be simple based on the docs but all I ever get is the error - Missing or insufficient permissions.

I know I am logged in correctly and I know the query works if I open up the security with allow read,write: if true; so what am I not getting here? Shouldn't request.path[0] evaluate to the string appUsers here and so allow the data to be written?

Any ideas gratefully accepted as I'm not finding these rules much fun to put together so far.

All the best

Recommended answer

I'd recommend using the built-in path matcher version of this:

service cloud.firestore {
  match /databases/{database}/documents {
    match /appUsers {
      allow read, write;
    }
  }
}

Or, if you really want to specify in the condition:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{pathSegment} {
      allow read, write: if pathSegment == "appUsers";
    }
  }
}

request.path is the full path (e.g. /projects/<projectId>/databases/(default)/documents/appUsers), which means you'd actually want request.path[5] (hence why we provide easier, more readable ways of doing this).

Edit (4/2/18): request.path supports both List and Map access:

  • List: request.path[5] == "appUsers"
  • Map: request.path['pathSegment'] == "appUsers", though note that it only works on wildcarded (e.g. {name}) values
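
An added example, not part of the original answer: the wildcard-matcher approach narrowed so that only the signed-in owner can reach /appUsers/<uid>, and only the single name field written by the question's set() call is accepted. The wildcard name userId and the field validation are assumptions based on the question's client code.

```firestore-rules
service cloud.firestore {
  match /databases/{database}/documents {
    // {userId} binds the document ID, so no request.path indexing is needed.
    match /appUsers/{userId} {
      // Only the authenticated owner may read their own profile document.
      allow read: if request.auth != null
                  && request.auth.uid == userId;

      // Owner-only writes, restricted to the one string field the client sets.
      // (Assumption: the document holds nothing but `name`.)
      allow create, update: if request.auth != null
                            && request.auth.uid == userId
                            && request.resource.data.keys().hasOnly(['name'])
                            && request.resource.data.name is string;

      // delete is not granted, so it is denied by default.
    }
  }
}
```

With these rules, an unauthenticated client or a user writing to another user's document ID gets the same "Missing or insufficient permissions" error the question describes, which is the intended outcome.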
