Firestore安全性，用于更新文档中的特定字段 [英] firestore security for the update of specific field within document

问题描述

我有以下数据结构作为Firestore文档 我想为每个参与者设置安全规则.

I have a following data structure as a firestore document and I want to set the security rule to each participants.

{
 event_name: 'XXX',
 created_by: 'userid'
 participants: {
  userid_a: true,
  userid_b: true,
  userid_c: true,
 }
}

参加者被设置为类似数组的数据，以使用参加者的用户ID查询集合. 我将按照以下方式更新数据

participants are set as array-like data to query the collection by using participant's userid. And I am updating the data as a following way

const eventDoc = this.afs.doc('event/' + event_id );
participant_obj = {}
participant_obj[`participant_obj.${user_id}`] = true;
eventDoc.update(participant_obj)

然后，我要设置安全规则 只有授权用户才能更新为自己的参与者状态.

Then, I want to set the security rule that only authorized user can update only to their own participant status.

match /event/{eventId} {
 match /participant_obj {
  allow write: if request.resource.data.keys()[0] == request.auth.uid
 }
}

但是它不起作用，因为participant_obj既不是文档的路径也不是集合的路径，participant_obj只是文档中的数据.

But it does not work because participant_obj is not the path of document nor path of collection, participant_obj is just a data within a document.

如何设置安全性以更新文档中的特定字段?

How can I set the security to update the specific field within the document?

推荐答案

怎么样?

match /event/{eventId} {
  allow write: if request.resource.data.participant_obj.keys()[0] == request.auth.uid 
               && request.resource.data.participant_obj.size() == 1
}

这篇关于Firestore安全性，用于更新文档中的特定字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！