Firestore安全规则:如何确保文档中值的唯一性? [英] Firestore security rule: How to ensure uniqueness of values in document?
问题描述
下面的安全规则能否在配置文件集合中创建文档之前确保名字,姓氏,用户名和电子邮件的唯一性?
Can the below security rule ensure uniqueness of firstName, lastName, username, and email before creating a document in profiles collection?
match /profiles/{document=**} {
allow create: if request.auth.uid != null
&& (request.resource.data.firstName is string && resource.data.firstName != request.resource.data.firstName)
&& (request.resource.data.lastName is string && resource.data.firstName != request.resource.data.firstName)
&& (request.resource.data.username is string && resource.data.username != request.resource.data.username)
&& (request.resource.data.email is string && resource.data.email != request.resource.data.email)
}
例如,以下是Firestore集合配置文件中的数据
For example, below is the data in Firestore collection profiles
{
"document1":{
"firstName":"Jek",
"lastName":"Choo",
"email":"jeksomething@gmail.com",
"username":"jek"
},
"document2":{
"firstName":"Cara",
"lastName":"Choo",
"email":"babycara@gmail.com",
"username":"cara"
}
}
我要创建下面的新文档,并且此创建访问权限应被拒绝
I want to create the below new document, and this create access should be denied
{
"document3":{
"firstName":"Jek",
"lastName":"Choo",
"email":"jeksomething@gmail.com",
"username":"jek"
}
}
我想创建下面的新文档,这应该被允许.
And I want to create the below new document, this should be allowed.
{
"document4":{
"firstName":"example",
"lastName":"com",
"email":"test@example.com",
"username":"example"
}
}
总而言之,上述Firestore安全规则能否有助于确保允许创建文档之前字段值的唯一性?
In conclusion, can the above firestore security rule help to ensure field value uniqueness before a document is allowed to be created?
推荐答案
重要的是要了解resource对于创建新文档的规则的作用,这是您在此处显示的唯一规则.
It's important to understand what resource does with respect to rules that create new documents, which is the only rule you're showing here.
resource 指")正在编写的文件".这与request.resource相对,后者描述了如果写入成功将不存在,即将存在的文档.
resource refers to "the (existing) document being written". This is in contrast with request.resource which describes the document that doesn't yet exist, that is about to exist, if the write succeeds.
换句话说,在本节中 :
资源变量引用请求的文档,并且 resource.data是存储在数据库中的所有字段和值的映射 文档.
The resource variable refers to the requested document, and resource.data is a map of all of the fields and values stored in the document.
在创建的情况下,没有现有的文档被写入.因此,您可以假定与resource的任何匹配都将失败.因此,这将无法确保唯一性.
In the case of a create, there is no existing document being written. Therefore, you can assume that any matches against resource to fail. Therefore, this will not ensure uniqueness.
实际上,您不能确保创建任何给定文档字段的唯一性,因为在安全规则中无法查询该集合中所有文档是否存在该字段.
In fact, you can not ensure uniqueness of any given document field for a create, since it's not possible in security rules to query all documents in the collection for existence for that field.
Firestore观察到的唯一唯一形式是集合中文档ID的唯一形式.安全规则不能将该文档的所有字段限制为唯一,并且Firestore中没有确保唯一性的索引.
The only form of uniqueness observed by Firestore is that of the id of a document within a collection. All fields of that document can not be constrained to be unique by security rules, and there are no indexes in Firestore that ensure uniqueness.
如果您需要一个唯一的字段,则应使用Cloud Function触发器在之后检查文档创建,然后在不满足要求时删除该文档.
If you need a field to be unique, you should check after the document creation by using Cloud Function trigger, then delete the document if it doesn't satisfy the requirements.
这篇关于Firestore安全规则:如何确保文档中值的唯一性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
