Firestore security rules based on map values

遇见更好的自我 2020-12-08 05:43

I want to store if a user is permitted to read a document in the document itself, based on the user's email address. Multiple users should have access to the same document.

2 answers
  •  一个人的身影
    2020-12-08 06:07

    Whenever you have (optional) nested properties you should make sure the property exists before continuing to check its value, e.g.:

    allow read: if role in request.auth.token && request.auth.token[role] == true
    

    in your case:

    allow read: if 'test' in resource.data.shared && resource.data.shared.test == true
    

    I was struggling a long time with roles until I realized that on non-admin users the admin field is undefined and Firestore rules just crash and don't continue checking other possible matches.

    For a user without token.admin, this will always crash no matter if you have other matches that are true, e.g.:

    function userHasRole(role) {
      return isSignedIn() && request.auth.token[role] == true
    }
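
A complete ruleset applying the existence check from the answer above to the question's e-mail-keyed map, as an added example that is not code from the original posts. The collection name `docs`, the helper `isSharedWithCaller`, the sample address and the `email_verified` requirement are assumptions.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    function isSignedIn() {
      return request.auth != null;
    }

    // Custom-claim check: confirm the claim exists before reading it, so a
    // user without the claim yields false instead of an evaluation error.
    function userHasRole(role) {
      return isSignedIn()
        && role in request.auth.token
        && request.auth.token[role] == true;
    }

    // Per-document sharing (hypothetical helper). `shared` is a map keyed by
    // e-mail address, e.g. { "alice@example.com": true } (constructed value).
    // Every level is checked for existence before it is dereferenced.
    function isSharedWithCaller() {
      return isSignedIn()
        && 'email' in request.auth.token
        // Assumption: only verified addresses count, so that signing up
        // with someone else's address grants nothing.
        && request.auth.token.email_verified == true
        && 'shared' in resource.data
        && resource.data.shared is map
        && request.auth.token.email in resource.data.shared
        // Bracket indexing is required: e-mail keys contain dots.
        && resource.data.shared[request.auth.token.email] == true;
    }

    // `docs` is a hypothetical collection name.
    match /docs/{docId} {
      allow read: if isSharedWithCaller() || userHasRole('admin');
      // Writes are left denied here; whoever can write `shared` controls
      // who can read the document.
    }
  }
}
```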
    
