Firestore规则:如何根据包含子集合的文档字段允许访问子集合? [英] Firestore rules: How do I allow access to a subcollection depending on a field of the document that contains it?
问题描述
我正在编写一个小程序来管理各种联赛.
I am writing a small program in react that manages a league of sorts.
我的问题是如何允许正确的用户访问(读,写)联赛的比赛日.比赛日的名称为"matchday-1","matchday-2",依此类推,是文件(比赛)的集合,并且是联赛内部的子集合.
The problem I have is how do I allow access (read, write) to the matchdays of a league for the correct user. The matchdays are named "matchday-1", "matchday-2", and so on, and are collections of documents (the matches), and are subcollections inside the league.
我的 firebase结构基本上是这样的:联赛(集合)->联赛(文件)->比赛日-n(集合)->比赛-m(文件)其中n和m是数字.
My firebase structure looks like this basically: leagues(collection) -> league(document) -> matchday-n(collection) -> match-m(document) where n and m are numbers.
联赛文档包含一个名为创建者"的字段,该字段包含创建该联赛的用户的ID.应该只有他们才能访问它及其比赛日!
The league document contains a field called "creator", which contains the ID of the user that created that league. Only they are supposed to access it and its matchdays!
但是看起来,当我访问比赛日时,firebase规则中 resource.data.creator 的值与我访问联赛本身时的值不同.
But as it seems, when I am accessing a matchday, the value for resource.data.creator in the firebase rules is different from when I am accessing the league itself.
我的问题是:我必须执行哪个规则,以便只有创建联赛的用户才能访问该联赛及其子集合?
My question is: Which rule do I have to implement, so that only the user who created the league can access it and its subcollections?
我试图找到一种方法来将 request.auth.uid 与联盟的创建者进行比较.
I tried to find a way to compare the request.auth.uid to the creator of the league.
我尝试过这样的条件: request.auth.uid == get(同盟之路").创建者,如您在我提供的代码中所见.但这似乎不起作用,因为我可能错误地引用了路径.
I tried something like this as a condition:
request.auth.uid == get("path-to-league").creator
, as you can see in the code I provided.
But it doesn't seem to work this way, as I might be referencing the path incorrectly.
这是我目前的代码:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /leagues/{league} {
allow read, write: if request.auth.uid == resource.data.creator
}
match /leagues/{league}/{document=**} {
allow read, write: if request.auth.uid == get(/databases/$(database)/documents/leagues/$(league)).creator
}
}
}
这取决于我如何摆弄规则集,但是在提供的代码的情况下,尝试访问(读取或写入)创建者错误的联赛时会遇到缺少权限或权限不足"的情况,这很好,但即使是正确的创建者,我也无法访问比赛日.
Depending on how I fiddle with the rule set, but in case of my provided code, I get "missing or insufficient permissions" when trying to access (read or write from) a league that has the wrong creator, which is good, but even if it's the correct creator, I cannot access the matchdays.
推荐答案
您缺少一些语法.可能应该是这样:
You're missing a bit of syntax. It should probably be this:
match /leagues/{league}/{document=**} {
allow read, write: if request.auth.uid ==
get(/databases/$(database)/documents/leagues/$(league)).data.creator
}
请注意,有一个 data 属性放在 creator 之前.这使您可以访问文档Resource对象的原始字段值.
Note that there is a data property before creator. This gives you access to the raw field values of the document Resource object.
这篇关于Firestore规则:如何根据包含子集合的文档字段允许访问子集合?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
