问题
I have a following data structure as a firestore document and I want to set the security rule to each participants.
{
event_name: 'XXX',
created_by: 'userid'
participants: {
userid_a: true,
userid_b: true,
userid_c: true,
}
}
participants are set as array-like data to query the collection by using participant's userid. And I am updating the data as a following way
const eventDoc = this.afs.doc('event/' + event_id );
participant_obj = {}
participant_obj[`participant_obj.${user_id}`] = true;
eventDoc.update(participant_obj)
Then, I want to set the security rule that only authorized user can update only to their own participant status.
match /event/{eventId} {
match /participant_obj {
allow write: if request.resource.data.keys()[0] == request.auth.uid
}
}
But it does not work because participant_obj is not the path of document nor path of collection, participant_obj is just a data within a document.
How can I set the security to update the specific field within the document?
回答1:
How about like this;
match /event/{eventId} {
allow write: if request.resource.data.participant_obj.keys()[0] == request.auth.uid
&& request.resource.data.participant_obj.size() == 1
}
来源:https://stackoverflow.com/questions/47738514/firestore-security-for-the-update-of-specific-field-within-document