问题
What is the best practice for multi-tenant app collection group queries? For example query all invoices for a tenant's customers
/tenant/1/customer/2/invoices
If I create a collection group index called invoices, and I want to ensure that I can get all invoices for tenant 1, how do I do this easily?
I tried setting up some security rules to prevent from querying over the tenants but it still threw Access denied errors since it was still querying across tenants. What would the correct firestore rules look like
回答1:
Firebase projects are not very well suited to multi-tenant apps. It's recommended that you create different projects for each tenant. This will save you a lot of problems in the future.
If you absolutely must have multi-tenancy on a single project, your current database structure does not support it very well for collection group queries. Collection group queries always query every collection of a given name, with no exceptions. You can't use security rules to filter the results, because rules are not filters. Filtering can only come from the client, and be confirmed by security rules. With your current structure, you would need to store the ID of the tenant in each document that you intend to query with a collection group query, and have the client use that as a filter for results.
来源:https://stackoverflow.com/questions/56410515/what-is-the-best-practice-for-a-multi-tenant-app-with-collection-group-queries-i