如何编写Firebase规则以仅允许读取集合/文档的一部分? [英] How can I write a firebase rule to allow reading only part of a collection/document?

问题描述

我正在使用Firebase(firestore)开发一个网站，该网站向基于角色的用户显示文章.

I’m developing a website using firebase (firestore) that displays articles to role based users.

因此数据库保存了文章的集合

So the database holds a collection of articles

qlt0mPbTBt1rQcrx1HJR: {
    title: 'Article 1'
    description: 'Lorem ipsum, dolor sit amet consectetur adipisicing elit.'
    secretInfo: 'secret text for partners only...'
},
lrTk2ybMLiDuUw6pcwll: {
    title: 'Article 2'
    description: 'Lorem ipsum, dolor sit amet consectetur adipisicing elit.'
    secretInfo: 'secret text for partners only...'
}

部分文章字段是公开的(例如标题/说明)，应由所有用户查看；同一文章的其他某些字段(例如secretInfo)是私有的，并且仅应由具有特权角色的特定用户(合作伙伴)查看/admins''...).

part of the article fields are public (e.g. title / description) and should be viewed by all users and some other fields of that same article (e.g. secretInfo) are private and should only be viewed by specific users with privileged roles (partners/admins etc’…).

我知道有可能根据特定规则允许"从firebase中读取"集合/文档-正如其文档中所描述的那样

I know it’s possible to ‘allow read’ of collections/documents from firebase according to specific rules - as very well described in their docs

service cloud.firestore {
  match /databases/{database}/documents {
      // Only the authenticated user who authored the document can read or write
      allow read, write: if request.auth.uid == resource.data.author;
  }
}

https://firebase.google.com/docs/firestore/security/rules-query

但是我要查找的内容有所不同，因为我试图根据Firebase数据库规则仅读取 PART 文档.

But what I am seeking is a little different as I am trying to allow reading only PART the documents according to a firebase database rule.

我不是数据库开发人员，也不知道这是否通常在数据库中完成.

I’m not a db developer and not sure if that is something usually done in databases.

这有可能吗?我是错误地处理了吗?

Is that possible in any way? Am I approaching this wrongly?

非常感谢您的帮助，

谢谢

推荐答案

Firestore安全规则不支持限制对文档中各个字段的访问.用户可以阅读整个文档，或者根本不阅读.

Firestore security rules don't support limiting access on individual fields in a document. A user can either read the entire document, or not at all.

如果希望用户仅对某些文章字段具有部分访问权限，则应建立两个集合，一个集合包含公共信息，另一个集合包含私人信息.然后使用限制访问权限的规则来保护私有集合.

If you want a user to only have partial access to some article fields, you should make two collections, one with public information, and one with private information. Then protect the private collection with rules to limit access.

这篇关于如何编写Firebase规则以仅允许读取集合/文档的一部分?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！