基于地图值的 Firestore 安全规则 [英] Firestore security rules based on map values

问题描述

我想根据用户的电子邮件地址存储是否允许用户在文档本身中阅读文档.多个用户应该可以访问同一个文档.

I want to store if a user is permitted to read a document in the document itself, based on the user's email address. Multiple users should have access to the same document.

根据文档 Firestore 不允许查询数组成员.这就是为什么我将用户的电子邮件地址存储在 String-Bool Map 中，并将电子邮件地址作为键.

According to the documentation Firestore does not allow querying array members. That'S why I'm storing the users email addresses in a String-Bool Map with the email address as a key.

对于以下示例，我没有使用电子邮件作为映射键，因为它已经不适用于基本字符串.

For the following example I'm not using emails as map keys, because it already doesn't work with basic strings.

数据库结构如下:

lists
  list_1
    id: String
    name: String
    owner: E-Mail
    type: String
    shared:
      test: true

此处列出了所有安全规则:

All security rules are listed here:

service cloud.firestore {
  match /databases/{database}/documents {
    match /lists/{listId=**} {
        allow read: if resource.data.shared.test == true
    }
  }
}

如果我使用 match/lists/{listId} 而不是 match/lists/{listId=**}

It also doesn't work if I use match /lists/{listId} instead of match /lists/{listId=**}

我的理解是，如果地图 shared[test] 中的值为 true，则此安全规则应该允许所有人进行读取访问.

How I understand it, this security rules should allow reading access to everyone if the value in the map shared[test] is true.

为了完整起见:这是我正在使用的查询(Android 上的 Kotlin):

For completness sake: This is the query I'm using (Kotlin on Android):

collection.whereEqualTo("shared.test", true).get()
        .addOnCompleteListener(activity, { task ->
            if (task.isSuccessful) {
                Log.i("FIRESTORE", "Query was successful")
            } else {
                Log.e("FIRESTORE", "Failed to query existing from Firestore. Error ${task.exception}")
            }
        })

我猜我无法从安全规则访问映射值.那么我的问题的替代解决方案是什么?

I'm guessing that I cannot access map values from the security rules. So what would be an alternative solution to my problem?

在 Firestore 规则参考中写道，地图可以像这样访问 resource.data.property == 'property' 那么，我做错了什么?

In the Firestore rules reference it's written that maps can be accessed like that resource.data.property == 'property' so, what am I doing wrong?

推荐答案

现在应该修复这个问题.如果您仍然看到它(并且确定它是规则评估器的错误)，请在评论中告诉我.

This issue should be fixed now. If you're still seeing it (and are sure it's a bug with the rules evaluator), let me know in the comments.

我已经与这里的一些人讨论过您遇到的问题，这似乎是安全规则本身的问题.从本质上讲，该问题似乎特定于评估查询中的嵌套字段，例如您正在执行的操作.

I've chatted with some folks here about the problem you're encountering, and it appears to be an issue with the security rules itself. Essentially, the problem seems to be specific to evaluating nested fields in queries, like what you're doing.

所以，基本上，您所做的应该可以正常工作，您需要等待 Firestore 团队的更新才能使此查询正常工作.发生这种情况时，我会尽量记住更新此答案.对不起！

So, basically, what you're doing should work fine, and you'll need to wait for an update from the Firestore team to make this query work. I'll try to remember to update this answer when that happens. Sorry 'bout that!

这篇关于基于地图值的 Firestore 安全规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！