对象数据类型的Firestore规则 [英] Firestore rules on object data type
问题描述
数据库有一个集合"集合,集合中的每个文档都有一个成员"对象,其中包含将有权访问该文档的用户的"uid".
Collection--->document-->members = {"BZntnJO2PVS8OZ9wctwHiyxBytc2": true}
我尝试了许多不同类型的规则,但是这些规则似乎都不起作用
service cloud.firestore {
match /databases/{database}/documents {
match /collection/{documentId} {
allow read: ****
}
}
1)
allow read: if get(/databases/$(database)/documents/collection/$(documentId)).members[request.auth.uid] != null
2)
allow read: if resource.data.members[request.auth.uid] != null
3)
allow read: resource.members[request.auth.uid] != null
4)
allow read: if request.resource.data.members[request.auth.uid] != null
5)
allow read: request.resource.members[request.auth.uid] != null
这可能是Firestore的错误吗?
您需要访问data属性以获取用户创建的任何属性,因此规则1、3和5无效. >
request.resource通常是指您向下发送到数据库的数据,通常是在写操作的情况下,因此规则#4将不起作用,因为在这种情况下request.resource.data可能为空阅读.
规则2看起来确实正确,但是请记住,这仅在获取单个文档的情况下有效.查询有点棘手.
具体来说,如果您正在运行常规的获取我的收藏集中的每个文档"类型的查询,则Cloud Firestore没有时间搜索数据库中的每条记录以确保您的用户具有访问权限,因此将拒绝此查询.相反,您需要运行一个查询,Cloud Firestore可以在该查询中证明"要检索的所有文档都是有效的.例如,在您的情况下,您将要确保查询类似于获取我的集合中的每个文档,其中member.(userID)!= null".然后,Cloud Firestore规则可以将您的查询与其规则进行比较,并感到满意,因为您将只获得有权访问的文档.
The Database have a collection "Collection" and each document inside the collection have an object "members" which contains the "uid" of users who will have access to the document.
Collection--->document-->members = {"BZntnJO2PVS8OZ9wctwHiyxBytc2": true}
I have tried many different types of rules but none of these rules seems to work
service cloud.firestore {
match /databases/{database}/documents {
match /collection/{documentId} {
allow read: ****
}
}
1)
allow read: if get(/databases/$(database)/documents/collection/$(documentId)).members[request.auth.uid] != null
2)
allow read: if resource.data.members[request.auth.uid] != null
3)
allow read: resource.members[request.auth.uid] != null
4)
allow read: if request.resource.data.members[request.auth.uid] != null
5)
allow read: request.resource.members[request.auth.uid] != null
Can it be a Firestore bug?
You need to access the data property to get at any user-created properties, so rules 1, 3, and 5 won't work.
request.resource generally refers to the data that you're sending down to the database, typically in the case of a write operation, so rule #4 won't work, because request.resource.data will probably be empty in the case of a read.
Rule #2 does look right, but keep in mind this will only work in the case of fetching a single document. Queries are a little trickier.
Specifically, if you're running a general "Get every document in my collection" kind of query, Cloud Firestore doesn't have the time to search through every record in your database to ensure that your user has access, so it will reject this query. Instead, you'd need to run a query where Cloud Firestore can "prove" that all documents you'd retrieve will be valid. In your case, for example, you would want to make sure your query is something like "Get every document in my collection where members.(userID) != null". Cloud Firestore rules can then compare your query with its rules and feel satisfied that you'll only get documents you have access to.
这篇关于对象数据类型的Firestore规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
