嵌套的firebase-firestore规则:父文档中的所有者ID [英] nested firebase-firestore rules: owner id within parent document

问题描述

我无法使这些规则生效: 我有一个项目集合，每个项目都有一个所有者.应该允许所有者读取/写入他的项目以及子集合working_copies.

I can't get these rules to work: I've got a collection with projects, which all have an owner. The owner should be allowed to read/write his projects and the subcollection working_copies as well.

此实现成功授予读取项目的权限，但是从子集合中读取work_copy时失败(缺少权限或权限不足).我怀疑它试图在子文档中找到所有者.

This implementation succesfully grants reading the project, but fails (Missing or insufficient permissions) when reading a working_copy from the sub collection. I suspect it tries to find an owner within the sub-document.

service cloud.firestore {

  match /databases/{database}/documents {

    match /projects/{projectId} {
      allow read, write: if 
        resource.data.owner == request.auth.uid;

      match /working_copies/{doc} {
        allow read, write: if true;
      }

  }
}

我也尝试在项目路径或working_copies路径中使用此条件，但同时失败:

I've also tried using this condition either in the project path or in the working_copies path, but it both fails as well:

    get(/databases/$(database)/documents/projects/$(projectId)).data.owner == request.auth.uid

当我使用递归通配符进行嵌套时，上述所有操作也会失败:

Everything above also fails when i use a recursive wildcard for nesting:

match /projects/{projectId=**} {
   ...

奇怪的是，我认为第一个版本一直可以使用到几天前.

The strange thing is, i think the first version used to work until some days ago.

我使用angular/angularfire并按以下方式调用请求:

I use angular/angularfire and call the requests like this:

 this.db.collection('projects').doc('3279').collection<ProjectData>('working_copies').valueChanges().pipe(...

在规则模拟器中，它还是亮绿灯的.

In the rules simulator it's green lighted though.

推荐答案

我终于找到了解决方法:

I've finally found a workaround:

!('owner' in resource.data) || resource.data.owner == request.auth.uid

这使它接受子文档不再提供所有者.这样看来，当嵌套规则时，父规则也将应用于子文档.

This makes it accept that the child document doesn't provide the owner once more. So it seems, when nesting rules, the parent rules are also applied to child documents.

这篇关于嵌套的firebase-firestore规则:父文档中的所有者ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！