Firestore Security - allow only known fields

后端未结

关注

 3  1492

遥遥无期 2020-12-03 01:46

I can’t figure out how to properly set the ‘.validate’ rule in Firestore. Basically, I want to allow a User document to contain only the fields I know:

3条回答

夕颜 (楼主)

2020-12-03 02:39

To add on to Mike McDonald's answer, to check for particular keys, the form is now:

request.resource.data.keys().hasAll

instead of

request.resource.data.hasAll

Full example:

// allows for creation with name and phone fields
allow create: if request.resource.data.size() == 2
              && request.resource.data.keys().hasAll(['name', 'phone'])
              && request.resource.data.name is string
              && request.resource.data.phone is string;
// allows a single update adding the address field
// OR (||) in additional constraints
allow update: if request.resource.data.size() == resource.data.size() + 1
              && !('address' in resource.data)
              && request.resource.data.address is string;

More information here: https://firebase.google.com/docs/reference/rules/rules.Map

0 讨论(0)

查看其它3个回答