文档字段的Firestore规则 [英] Firestore rules for document field

问题描述

我正在Firestore内努力为文档设置安全规则.使用RTDB可以为特定的对象属性设置规则，而我正在尝试使用Firestore进行同样的操作.

I'm struggling within Firestore to set security rules for a document. With the RTDB is was possible to set rules for a specific object property and I'm trying to do the same with Firestore.

RTDB代码:

"users": {
    ".read": true,
    ".indexOn": ["profile/name"],
    "$uid": {
        ".read": "auth != null",
        ".write":
            "$uid === auth.uid && !data.exists()",
        "profile": {
            "birthday": {
                ".write": "$uid === auth.uid"
            },
            "name": {
                ".write": "$uid === auth.uid"
            },
            "banned": {
                ".write": "root.child('admins').child(auth.uid).exists()"
            }
        }
    }
}

在Firestore中的相同代码下方:

Below the same code in Firestore:

service cloud.firestore {
    match /databases/{database}/documents {
        match /users/ {
            allow read
            match /{$user} {
                allow read: if request.auth.uid != null
                allow write: if request.auth.uid == request.resource.id &&  exists(/databases/$(database)/documents/users/$(request.resource.id)) === false

                match /birthday {
                    allow write: if request.auth.uid == request.resource.id
                }
                match /name {
                    allow write: if request.auth.uid == request.resource.id
                }
                match /banned  {
                    allow write: get(/databases/$(database)/documents/users/$(request.auth.uid)).data.userType > 3
                }

            }
        }
    }
}

当我为子集合编写安全规则时，它工作正常.但是对于文档字段，它不起作用.这是不可能的还是匹配参考中有特殊的path段? 文档对此没有任何说明.

When I'm writing security rules for a subcollection it's working fine. But for a document field it's not working. Is this not possible or is there a special path segment in the match reference? The documentation doesn't state anything about this.

推荐答案

您可以通过检查request.resource.data属性来实现.如文档的本部分所示.您只需要匹配文档级别.您使用if条件检查字段规则.

You can do this by checking the request.resource.data property. As shown in this section of the documentation. You only need to match the document level. You check the field rules with an if condition.

但是，您无法控制对单个字段的读取访问.用户可以阅读整个文档，也可以不阅读.如果需要存储私人数据，请考虑将其添加到用户文档的子集合中.

However, you are unable to control read access to individual fields. A user can either read a whole document or not. If you need to store private data, consider adding this to a sub-collection of the user document.

这是一个例子

service cloud.firestore {
  match /databases/{database}/documents {
    // Make sure all cities have a positive population and
    // the name is not changed
    match /cities/{city} {
      allow update: if request.resource.data.population > 0
                    && request.resource.data.name == resource.data.name;
    }
  }
}

这篇关于文档字段的Firestore规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！