For the life of me, I cannot understand why the following is resulting in a false for allowing writes. Assume my users collection is empty to start
Your rules will be a lot more readable and maintainable if you create a custom function to check for updates. For example:
service cloud.firestore {
  match /databases/{database}/documents {
    // True when the write adds the field or changes its stored value.
    function isUpdatingField(fieldName) {
      return (!(fieldName in resource.data) && fieldName in request.resource.data)
          || resource.data[fieldName] != request.resource.data[fieldName];
    }

    match /users/{userId} {
      // Read rules here ...
      allow write: if !isUpdatingField("role") && !isUpdatingField("adminOnlyAttribute");
    }
  }
}
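
A variant of the rules above, added here as an example and not taken from the answer. It splits `write` into `create` and `update`, because `resource` is null when the document does not exist yet (the empty-collection case in the question), and it uses `diff().affectedKeys()` so that a field absent from both versions is never dereferenced. The helper name `touchesAny` is an assumption, and like the answer it restricts only the two protected fields; authentication checks are left out.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Hypothetical helper: true when an update adds, removes or changes
    // any of the listed keys. Only valid when `resource` is non-null.
    function touchesAny(fields) {
      return request.resource.data.diff(resource.data).affectedKeys().hasAny(fields);
    }

    match /users/{userId} {
      // Read rules here ...

      // Create: there is no stored document, so `resource` is null and
      // only the incoming data can be inspected. Reject any attempt to
      // set a protected field at creation time.
      allow create: if !request.resource.data.keys()
                         .hasAny(['role', 'adminOnlyAttribute']);

      // Update: both the stored and the incoming document exist, so the
      // two maps can be diffed. Reject if a protected key is affected.
      allow update: if !touchesAny(['role', 'adminOnlyAttribute']);

      // Delete is not granted here: `request.resource` is null on delete,
      // so it needs its own rule if clients are meant to delete users.
    }
  }
}
```

Running the three cases (create on an empty collection, update that leaves `role` alone, update that changes `role`) in the Firebase emulator's rules playground shows which branch allows or denies each request.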