基于属性值的Firebase Firestore安全性规则 [英] Firebase Firestore Securitty Rule based on Attribute Value

问题描述

我正在尝试在Firestore数据库上编写安全规则，以允许读取status值为published的集合中的文档.但是，一旦发布规则，就不允许读取该集合的任何文档.

I am trying to write security rules on my Firestore database to allow read of documents within a collection with status value as published. But, it does not allow read for any document for the collection once the rule is published.

我正在遵循官方文档中所述的权限设置. https://firebase.google.com/docs/firestore/security/rules-条件

I am following the permission settings as described on the official doc. https://firebase.google.com/docs/firestore/security/rules-conditions

但是，它没有按预期工作.

But, it is not working as expected.

service cloud.firestore {
  match /databases/{database}/documents {

    match /articles/{articleId} {
        allow read: if resource.data.status == 'published';
    }
  }
}

---

我正在使用以下React + Redux代码查询文档:

---

I am using the following React + Redux code for querying the documents:

export const getArticles = (limit = 25) => {
  return (dispatch) => {
    dispatch({ type: ARTICLES });

    const db = firebase.firestore();
    const query = db.collection('articles')
                    .orderBy('createdAt', 'desc')
                    .limit(limit);

    query.get()
    .then((snapshot) => {
      const dataArray = [];
      snapshot.forEach(doc => {
        dataArray.push(mergeDocIdAndData(doc.id, doc.data()));
      });
      getArticlesSuccess(dispatch, dataArray)
        .then(() => dispatch(push('/articles')));
    })
    .catch(() => getArticlesFail(dispatch));
  };
}

推荐答案

您错过了文档中的一个特定要点:查询失败因为它不包含与安全规则相同的约束"，并且安全规则不包含"过滤器".请参见 https://firebase.google.com/docs/firestore/security /rules-query#queries_and_security_rules

You have missed one specific point in the doc: your query fails "because it does not include the same constraints as your security rules" and "security rules are not filters". See https://firebase.google.com/docs/firestore/security/rules-query#queries_and_security_rules

换句话说，您的查询应类似于:

In other words, your query should be like:

const query = db.collection('articles').where("status", "==", "published")...

这篇关于基于属性值的Firebase Firestore安全性规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！