Firestore:删除文档上的敏感字段 [英] Firestore: remove sensitive fields on documents

问题描述

我正在尝试弄清楚如何删除Firestore文档上的敏感字段.例如，我的收藏集是一个团体信息.该组受密码保护.任何想加入小组的人都必须知道密码.

I'm trying to figure it out how to remove a sensitive field on a firestore document. For example, my collection is a group information. The group is protected with a pin code field. Any one wants to join the group has to know the pin code.

在此期间，我想让用户查询哪些组可以加入.对于查询部分，我不希望返回带有PIN码信息的组信息.无论如何，我们是否有必要从Firestore的文档中删除敏感字段以读取事件?

In the meantime, I want to let users query what group is available to join. For query part, I don't want return group information with pin code information. Do we have anyway to remove sensitive fields from a document for Firestore for reading event?

云功能仅支持写入事件.一种可能的解决方案是在写入事件时使用云功能，并将PIN码放在单独的文档中.有更好的解决方案吗?谢谢.

Cloud function only supports write event. 1 possible solution is use cloud function on write event, and put pin code in a separate document. Is there a better solution? THanks.

我的论坛架构是:

group: {
    name: string,
    pinCode: string
}

推荐答案

用户可以访问文档，也不能访问文档.Firestore中没有属性级别的访问控制.

A user can either access a document, or they can't. There is no property-level access control in Firestore.

因此，要实现所需的功能，您需要将公共和私人信息存储在单独的文档中.

So to accomplish what you want, you will need to store the public and private information in separate documents.

您可以使用同一集合中的私人信息创建第二个文档，然后使用以下方法保护它们的安全性:

You could either create a second document with the private information in the same collection and then secure them using:

match /databases/{database}/documents {
    match /groups/{group} {
      allow read: if resource.data.visibility != "private"
    }
}

或者(更容易保护)，您可以为私人文档创建一个单独的集合.

Alternatively (and simpler to secure) you could create a separate collection for the private documents.

这篇关于Firestore:删除文档上的敏感字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！