Firestore安全性,用于更新文档中的特定字段 [英] firestore security for the update of specific field within document
问题描述
我有以下数据结构作为Firestore文档 我想为每个参与者设置安全规则.
I have a following data structure as a firestore document and I want to set the security rule to each participants.
{
event_name: 'XXX',
created_by: 'userid'
participants: {
userid_a: true,
userid_b: true,
userid_c: true,
}
}
参加者被设置为类似数组的数据,以使用参加者的用户ID查询集合. 我将按照以下方式更新数据
participants are set as array-like data to query the collection by using participant's userid. And I am updating the data as a following way
const eventDoc = this.afs.doc('event/' + event_id );
participant_obj = {}
participant_obj[`participant_obj.${user_id}`] = true;
eventDoc.update(participant_obj)
然后,我要设置安全规则 只有授权用户才能更新为自己的参与者状态.
Then, I want to set the security rule that only authorized user can update only to their own participant status.
match /event/{eventId} {
match /participant_obj {
allow write: if request.resource.data.keys()[0] == request.auth.uid
}
}
但是它不起作用,因为participant_obj
既不是文档的路径也不是集合的路径,participant_obj
只是文档中的数据.
But it does not work because participant_obj
is not the path of document nor path of collection, participant_obj
is just a data within a document.
如何设置安全性以更新文档中的特定字段?
How can I set the security to update the specific field within the document?
推荐答案
怎么样?
match /event/{eventId} {
allow write: if request.resource.data.participant_obj.keys()[0] == request.auth.uid
&& request.resource.data.participant_obj.size() == 1
}
这篇关于Firestore安全性,用于更新文档中的特定字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!