问题
Can you make security rules that runs a query to check if a matching document is found?
I'm building a system where a logged in user can vote on specific topics.
Every single vote will be saved in its own document, with a reference to the user, the topic etc.
I want to make a security rule that checks if there's already a document in the vote section with that specific user ID and topic ID present, and only let the user write a vote document it that's not the case.
I can't see any query options in the documentation, so what are my options?
Can I somehow create an index of all votes, and look for a specific document path in that index?
Or should I give the votes a custom ID scheme, based on the user ID and the topic ID, so they can be found?
回答1:
You can't perform a query with conditions with security rules. All you can do is get() a document using its known path. That is to say, you must know all of its collections and document IDs that uniquely identify it.
It sounds like it might be feasible to create others documents (they don't have to contain any data), and their existence can signal the condition you want to protect.
(Yes, sometimes modeling of data has to take security rules into consideration.)
来源:https://stackoverflow.com/questions/56136614/firestore-security-rules-can-i-query-for-a-document-with-specific-fields