firestore安全规则resource.data为空对象 [英] firestore security rule resource.data is empty object
问题描述
在Firestore安全规则中,resource.data始终是空对象,这是Bug还是其他原因?
In firestore security rule, the resource.data is an emtpy object always, is this a bug or something ?
我的Firestore规则:
My firestore rules:
service cloud.firestore {
match /databases/{database}/documents {
match /hospitals/{document=**}{
// allow read :if resource.data.size() == 0; //this return true, resource.data is an empty object
allow read :if resource.data.name != null; // this doesn't work
}
}
}
我的JavaScript:
My javascript:
auth().onAuthStateChanged((user) => {
if (user) {
//db is the firestore instance
db.collection('/hospitals').get()
.then(printResult)
} else {
}
})
这是我当前的数据库快照
this is my current database snapshot
问题在于,在我们查询多个文档的情况下,firestore安全性无法评估文档的实际值
the issue rely on that firestore security doesn't evaluate the actual document value when we query a over multiple document , in my case
//this doesn't firestore doesnt' evaluate the documetn
db.collection('hospitals').get()
//this will work ,if you need to compare the actual value
db.document('hospitals/somehospital').get()
推荐答案
安全规则不会自行过滤数据.他们只是强制执行有关客户端可以读取哪些数据的规则.您的客户当前正在尝试阅读所有医院.由于您的安全规则限制了客户端可以读取哪些数据,因此它们会拒绝此操作.
Security rules don't filter data by themselves. They merely enforce rules on what data a client can read. Your client is currently trying to read all hospitals. Since your security rules have restrictions on what data a client can read, they reject this operation.
您需要通过与安全性规则匹配的查询读取数据,以确保客户端请求的内容不超过安全性规则所允许的范围.所以像
You need to ensure that what your client requests is no more than what the security rules allow, by reading the data through a query that matches the security rules. So something like
db.collection('/hospitals')
.where("name", ">=", "")
.get()
.then(printResult)
请注意,这确实要求文档中有一个name字段,否则名称不能为空.
Note that this does require that the document has a name field, otherwise the name can't be empty.
有关更多信息,请参见:
For more info, see:
- the Firestore documentation on securing queries
- Firestore select where is not null
这篇关于firestore安全规则resource.data为空对象的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
