Firebase Cloud Storage规则可以针对Firestore数据进行验证吗? [英] Can Firebase Cloud Storage rules validate against Firestore data?

问题描述

我们可以使用Firestore数据来授予或限制对Firebase Cloud Storage上托管的文件的访问吗?

Can we use Firestore data to grant or restrict access to files hosted on Firebase Cloud Storage?

我想用作Firebase安全规则的示例

Exemple of what I would like to use as Firebase Security Rule

allow write: if get(/databases/mydbname/documents/guilds/$(guildID)).data.users[(request.auth.uid)] in ["Admin", "Member"];

推荐答案

当前无法从另一产品的安全规则中访问不同的Firebase产品.请参阅:有没有办法进行身份验证用户在Firebase存储规则中的角色?

There is currently no way to access different Firebase products from within the security rules of another product. See: is there a way to authenticate user role in firebase storage rules?

但是似乎您正在尝试检查用户的组成员身份.建议您不要在数据库中查找该组成员身份，而建议将其建模为所谓的自定义声明.代替(或除了)将成员资格写入数据库之外，您将使用Firebase Admin SDK将声明用户{uid}是组{guild1}的成员"设置为用户个人资料:

But it seems like you are trying to check group-membership of the user. Instead of looking that group-membership up in the database, I recommend that you model it as a so-called custom claim. Instead of (or in addition to) writing the membership to the database, you'll set the claim "user {uid} is a member of group {guild1}" into the user profile using the Firebase Admin SDK:

admin.auth().setCustomUserClaims(uid, {guild1: true}).then(() => {
  // The new custom claims will propagate to the user's ID token the
  // next time a new one is issued.
});

完成后，您可以检查安全规则中的公会成员身份:

With that done, you can check the guild membership in the security rules:

allow read: if request.auth.token.guild1 == true;

(我不确定您是否/如何将行会会员资格建模为地图，如果确实如此，我将更新此答案.)

(I'm not sure if/how you can model the guild membership as a map, I'll update this answer if that turns out to be the case.)

这篇关于Firebase Cloud Storage规则可以针对Firestore数据进行验证吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！