1. 技术文章
  2. Firestore security rules, nested field

Firestore security rules, nested field

和自甴很熟 提交于 2021-01-28 10:13:50

问题


Our database structure looks like that:

trips
   12345
      toArea
         radius: 150
         name: "citycenter"
   54321
      toArea
         radius: 250
         name: "main street"

We tried to create some rules for read from document:

match /chats/{trip} {
    match /messages/{message} {
       allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null
    }
}

It's works fine

but next rules doesn't works:

allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea.radius != null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea.radius == null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea["radius"] == null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea["radius"] != null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data["toArea.radius"] == null
allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data["toArea.radius"] != null

I really don't understand what wrong with it, how could two opposite rules (==null / != null) doesn't work. How could we manage with fields toArea.radius in rules?


回答1:


EDIT (12/18/17): These are both now fixed, so this should Just Work™.

As @hatboysam mentioned, you're currently hitting two bugs that we're working quickly to fix:

  1. get().data only works if there's a reference to resource.data or request.resource.data somewhere in your rules (we used to support get() returning the resource without using data, but this ended up being problematic so it was changed right before release).
  2. Nested properties (e.g. toArea.radius) are broken.

1 is easy to work around:

match /chats/{trip} {
    match /messages/{message} {
       allow read, write: if get(/databases/$(database)/documents/trips/$(trip)).data.toArea != null
    }
}
match /bogusPathThatWillNeverMatch {
  allow read: if resource.data != null; // should never be true
}

Both 1 and 2 will be fixed shortly, so stay tuned for resolution.



来源:https://stackoverflow.com/questions/46961538/firestore-security-rules-nested-field

标签
firebase-security
google-cloud-firestore
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!