Firestore读取自我条件的规则 [英] Firestore read rules with self condition
问题描述
它看起来有趣并且超级高效,但是我有一个firestore规则的问题。
我有一个带有如下对象的集合(游戏):
$ b$ p
$ :
{
uid:字符串
uid2:字符串
}
}
规则如下:
service cloud.firestore {
match / databases / {database} / documents {
match / games {
match / {game} {
allow write:if request.auth!= null&& request.resource.data.owners [request.auth.uid] =='ADMIN';
允许更新:if request.auth!= null&& resource.data.owners [request.auth.uid] =='ADMIN';
允许阅读:if request.auth!= null&& resource.data.owners [request.auth.uid] =='ADMIN';
$ b $ / code> 写,更新工作正常。只能读取单个文档。
当我尝试读取集合时,我得到访问错误,就好像用户没有权利。使它不工作的部分是
pre $ resource_ata_owners [request.auth.uid] =='ADMIN'。
添加 where(owners。+ auth.uid,= =,管理员)收集查询也没有帮助。
我在这里做错了什么?有没有在类似的情况下firebase firestore的建议方法?编辑:
我尝试添加像这样的get和list规则:
允许列表:if request.auth!= null;
allow get:if request.auth!= null&& resource.data.owners [request.auth.uid] =='ADMIN';
没有按预期工作。我期望它允许我列出其中的文档,但是如果有一个文档不能 get 我期望获得权限不足或不足。我能做的是列出所有文件,但没有直接读取其中的一部分( get 规则在尝试获取单个文档时有效,但在从集合中列出时不起作用) 。编辑2:看起来像根据@MikeMcDonald我的期望是正确的,但它是目前窃听。等待修复。
我认为创建和更新作品是因为它们是写入的一部分,条件1涵盖了它。 p>
I'm currently trying to build small app on firebase as an evaluation of it. It looks interesting and super productive, but I have one problem with firestore rules.
I have one collection (games) with objects looking like this:
{
"name":String,
"description":String,
"owners":
{
"uid": String
"uid2": String
}
}
And rules set like this:
service cloud.firestore {
match /databases/{database}/documents {
match /games {
match /{game} {
allow write: if request.auth != null && request.resource.data.owners[request.auth.uid] == 'ADMIN';
allow update: if request.auth != null && resource.data.owners[request.auth.uid] == 'ADMIN';
allow read: if request.auth != null && resource.data.owners[request.auth.uid] == 'ADMIN';
}
}
}
}
While write, update work fine. Read only works for single documents. When I try to read a collection I get access error as if user did not have right to it. The part that makes it not work is
resource.data.owners[request.auth.uid] == 'ADMIN'.
Adding a where("owners."+auth.uid,"==", 'ADMIN') to collection query does not help either.
What am I doing wrong here? Is there a suggested approach in firebase firestore for similar scenario?
EDIT: I tried adding 'get' and 'list' rules like this:
allow list: if request.auth != null;
allow get: if request.auth != null && resource.data.owners[request.auth.uid] == 'ADMIN';
It didn't work as expected. I expected it to allow me to list documents with where but if there is a document that I could not get I expected to get "Missing or insufficient permissions." What I was able to do was to list ALL documents but not read some of them directly (get rule works when trying to fetch single document but not when listing them from a collection).
EDIT 2: Looks like according to @MikeMcDonald my expectation was correct, but it is currently bugged. Waiting for the fix.
I think create and update works because they are part of write and condition 1 covers it.
这篇关于Firestore读取自我条件的规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
