Firestore 安全规则:如何确保文档中值的唯一性? [英] Firestore security rule: How to ensure uniqueness of values in document?
问题描述
在配置文件集合中创建文档之前,以下安全规则能否确保名字、姓氏、用户名和电子邮件的唯一性?
Can the below security rule ensure uniqueness of firstName, lastName, username, and email before creating a document in profiles collection?
match /profiles/{document=**} {
allow create: if request.auth.uid != null
&& (request.resource.data.firstName is string && resource.data.firstName != request.resource.data.firstName)
&& (request.resource.data.lastName is string && resource.data.firstName != request.resource.data.firstName)
&& (request.resource.data.username is string && resource.data.username != request.resource.data.username)
&& (request.resource.data.email is string && resource.data.email != request.resource.data.email)
}
例如,下面是 Firestore 集合配置文件中的数据
For example, below is the data in Firestore collection profiles
{
"document1":{
"firstName":"Jek",
"lastName":"Choo",
"email":"jeksomething@gmail.com",
"username":"jek"
},
"document2":{
"firstName":"Cara",
"lastName":"Choo",
"email":"babycara@gmail.com",
"username":"cara"
}
}
我想创建下面的新文档,这个创建访问应该被拒绝
I want to create the below new document, and this create access should be denied
{
"document3":{
"firstName":"Jek",
"lastName":"Choo",
"email":"jeksomething@gmail.com",
"username":"jek"
}
}
我想创建下面的新文档,这应该是允许的.
And I want to create the below new document, this should be allowed.
{
"document4":{
"firstName":"example",
"lastName":"com",
"email":"test@example.com",
"username":"example"
}
}
总而言之,上述firestore安全规则是否有助于在允许创建文档之前确保字段值的唯一性?
In conclusion, can the above firestore security rule help to ensure field value uniqueness before a document is allowed to be created?
推荐答案
了解 resource 对创建新文档的规则做了什么很重要,这是您在此处显示的唯一规则.
It's important to understand what resource does with respect to rules that create new documents, which is the only rule you're showing here.
资源 指的是到正在编写的(现有)文档".这与 request.resource 形成对比,request.resource 描述尚不存在的文档,如果写入成功,它将存在.
resource refers to "the (existing) document being written". This is in contrast with request.resource which describes the document that doesn't yet exist, that is about to exist, if the write succeeds.
换句话说,在本部分:
资源变量指的是被请求的文档,并且resource.data 是存储在文档.
The resource variable refers to the requested document, and resource.data is a map of all of the fields and values stored in the document.
在创建的情况下,没有正在写入的现有文档.因此,您可以假设对 resource 的任何匹配都会失败.因此,这将无法确保唯一性.
In the case of a create, there is no existing document being written. Therefore, you can assume that any matches against resource to fail. Therefore, this will not ensure uniqueness.
实际上,您无法确保创建的任何给定文档字段的唯一性,因为在安全规则中不可能查询集合中的所有文档是否存在该字段.
In fact, you can not ensure uniqueness of any given document field for a create, since it's not possible in security rules to query all documents in the collection for existence for that field.
Firestore 观察到的唯一性形式是集合中文档的 id.该文档的所有字段不能被安全规则限制为唯一,并且 Firestore 中没有确保唯一性的索引.
The only form of uniqueness observed by Firestore is that of the id of a document within a collection. All fields of that document can not be constrained to be unique by security rules, and there are no indexes in Firestore that ensure uniqueness.
如果你需要一个字段是唯一的,你应该在创建文档之后使用 Cloud Function 触发器检查,如果不满足要求则删除该文档.
If you need a field to be unique, you should check after the document creation by using Cloud Function trigger, then delete the document if it doesn't satisfy the requirements.
这篇关于Firestore 安全规则:如何确保文档中值的唯一性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
