Firestore security rules in to prevent sensitive field


Question

I am modeling a database with Firestore, for a small company.

I have a collection of departments. Each department is a document. In the company, there will never be more than 50 employees. I would like to keep each employee as a map.

So a department document will be like this:

{ 
  emp1: { name: 'tom', age:23, email: 'tom@x.com'},
  emp2: { name: 'mike', age:35, email: 'mike@x.com'}
}

I would like to keep the age field private, it should be accessed only by superusers. From what I learnt, it is not possible to put access level at the granularity of a field. When a client receives the document, he will have access to all fields.

How can I go about that, I should keep a sub-collection of ages, would that work? Coming from SQL, and already done this smoothly in SQL, I cannot get my head around to have a collection just for a single integer.

Or is there any other alternative? I do not want to have a collection of employees.

Recommended answer

You have data associated with one entity (a user) that should have varying permissions for different fields of that data. It will be easiest if you split those fields into documents in different subcollections organized under that entity. The security rules will be much easier to implement in that case. The case of simple public/private data:

users/{uid}/public
  - data
    - name
    - email
users/{uid}/private
  - data
    - age

Then your rules target each subcollection separately:

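// Rules match documents, so each path ends at the "data" document.
match /users/{uid}/public/data {
  // Public fields (name, email): readable by anyone.
  allow read: if true;
}

match /users/{uid}/private/data {
  // Private fields (age): restrict to the callers you choose.
  allow read: if ...whatever conditions you choose, if any...;
}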
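
The public/private split above written out as a complete ruleset, added here as an example and not part of the original answer. It assumes superusers carry a custom auth claim named `superuser` (a hypothetical name, set server-side) and that each subcollection holds one document called `data`, as in the layout above.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: superusers are marked with a custom claim named
    // "superuser" (hypothetical), assigned server-side, never by the client.
    function isSuperuser() {
      return request.auth != null && request.auth.token.superuser == true;
    }

    // True when the caller is the user that owns this subtree.
    function isOwner(uid) {
      return request.auth != null && request.auth.uid == uid;
    }

    // Public fields (name, email): readable by anyone,
    // writable only by the owner or a superuser.
    match /users/{uid}/public/data {
      allow read: if true;
      allow write: if isOwner(uid) || isSuperuser();
    }

    // Private fields (age): superusers only, for reads and writes.
    // Any path not matched by an allow statement is denied by default.
    match /users/{uid}/private/data {
      allow read, write: if isSuperuser();
    }
  }
}
```

Because rules grant or deny whole documents, a client allowed to read `public/data` never receives `age`: that field lives in a separate document it has no permission to fetch.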
