Firestore安全规则基于地图值 [英] Firestore security rules based on map values

问题描述

如果允许用户根据用户的电子邮件地址阅读文档本身的文档，我想存储它。多个用户应该可以访问同一个文档。

根据文档 Firestore不允许查询阵列成员。这就是为什么我要将用户的电子邮件地址存储在一个String-Bool Map中，并将电子邮件地址作为关键字。

对于下面的示例，我没有使用电子邮件作为map键，因为它已经不能用于基本的字符串。

数据库结构如下所示：

<$
$ list_1
id：字符串
名称：字符串
所有者：电子邮件
类型：字符串
共享：
test：true

所有安全规则都在这里列出：

  service cloud.firestore {
 match / databases / {database} / documents {
 match / lists / {listId = * *} {
 allow read：if resource.data.shared.test == true 
} 
} 
} 
   match / lists / {listId} 而不是
 
 
 
 c $ c> match / lists / {listId = **}  
 
 
 
我怎么理解这个安全规则应该允许readi如果map  shared [test] 中的值为true，则可以访问每个人。
 
 
 
完整性：是我正在使用的查询（Android上的Kotlin）：
 
 $ p $  collection.whereEqualTo（shared.test，true）。 get（）
 .addOnCompleteListener（activity，{task  - > 
 if（task.isSuccessful）{
 Log.i（FIRESTORE，Query was successful）
} else {
 Log.e（FIRESTORE，Failed错误$ {task.exception}）
} 
}）
  
我猜测我无法从安全规则中访问地图值。那么，对于我的问题，另外一个解决方案是什么？
 
 
 
在 Firestore规则参考它写的地图可以像这样访问 resource.data.property =='property' so ，我在做什么错了？
解决方案
我和这里的一些人聊过你遇到的问题，似乎是安全规则本身的问题。从本质上来说，这个问题似乎是特定于评估查询中的嵌套字段，比如你在做什么。所以，基本上，你在做什么应该可以正常工作，而且您需要等待Firestore团队的更新才能使此查询生效。我会尽量记得在发生这种情况时更新这个答案。对不起'回合！
 
I want to store if a user is permitted to read a document in the document itself, based on the user's email address. Multiple users should have access to the same document.

According to the documentation Firestore does not allow querying array members. That'S why I'm storing the users email addresses in a String-Bool Map with the email address as a key.

For the following example I'm not using emails as map keys, because it already doesn't work with basic strings.

The database structure looks like that:
lists
  list_1
    id: String
    name: String
    owner: E-Mail
    type: String
    shared:
      test: true
All security rules are listed here:
service cloud.firestore {
  match /databases/{database}/documents {
    match /lists/{listId=**} {
        allow read: if resource.data.shared.test == true
    }
  }
}
Edit: It also doesn't work if I use match /lists/{listId} instead of match /lists/{listId=**}

How I understand it, this security rules should allow reading access to everyone if the value in the map shared[test] is true.

For completness sake: This is the query I'm using (Kotlin on Android):
collection.whereEqualTo("shared.test", true).get()
        .addOnCompleteListener(activity, { task ->
            if (task.isSuccessful) {
                Log.i("FIRESTORE", "Query was successful")
            } else {
                Log.e("FIRESTORE", "Failed to query existing from Firestore. Error ${task.exception}")
            }
        })
I'm guessing that I cannot access map values from the security rules. So what would be an alternative solution to my problem?

In the Firestore rules reference it's written that maps can be accessed like that resource.data.property == 'property' so, what am I doing wrong?
解决方案
I've chatted with some folks here about the problem you're encountering, and it appears to be an issue with the security rules itself. Essentially, the problem seems to be specific to evaluating nested fields in queries, like what you're doing.

So, basically, what you're doing should work fine, and you'll need to wait for an update from the Firestore team to make this query work. I'll try to remember to update this answer when that happens. Sorry 'bout that!

                        
这篇关于Firestore安全规则基于地图值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！