1. 技术文章
  2. Using the reference data type in Firestore Rules

Using the reference data type in Firestore Rules

北慕城南 提交于 2021-02-07 06:58:20

问题


I want to define a rule that allows a user only to update his own items and an admin to update all.

As uid_of_logged_in_administrator I should be able to update both items/item__1 and items/item__2 - this works.

As uid_of_logged_in_user I should be allowed to update items/item__1 but not items/item__2 - this does not.

Obviously the problem is I do not know what the data type [Cloud Firestore references] represents in rules.

I've read through the documentation on rules and been trying different things.

if request.auth.uid == resource.data.owner                           | false
if request.auth.uid == resource.data.owner.id                        | false
if request.auth.uid == resource.data.owner.__id__                    | false
if resource.data.owner is string                                     | false
if resource.data.owner is path                                       | true
if resource.data.owner == path('users/uid_of_logged_in_user')        | false 
if request.auth.uid == resource.data.owner[6]                        | false

So it seems that the resource.data.owner is a path.

But how do I obtain the id for this reference?

One of my reasons for creating this reference is then the owner property can either be a box or an user. eg. {owner: '/users/uid_of_logged_in_user'}, {owner: '/boxes/box__1'}

I could of course just add a property with the users uid as a string to the item instead of as a reference. But then i would need to have two diffrent properties for box or user as owner.

My rules

service cloud.firestore {
  match /databases/{database}/documents {

    function isAdmin() {
      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "admin";
    }
    function isAuth() {
      return request.auth.uid != null;
    }

    match /users/{uid} {
      allow read:   if isAuth();
      allow write:  if isAdmin();
    }

    match /items/{umbId} {
      allow read:   if isAuth();
      // THIS IS THE ISSUE. IT DOESENT WORK.
      allow update: if request.auth.uid == resource.data.owner 
      allow write:  if isAdmin();
    }
  }
}

The structure of my database is as follows

users 
  # documentid(uid_of_logged_in_user)
    - name: 'My name'                                           // string
    - address: 'My address'                                     // string
  # documentid(uid_of_logged_in_administrator)
    - name: 'Another one'                                       // string
    - address: 'His address'                                    // string
    - role: 'admin'

items
  # documentid(item__1)
    - owner: 'users/uid_of_logged_in_user'                      // reference
    - name: 'The first item'                                    // string
  # documentid(item__2)
    - owner: 'users/uid_of_logged_in_administrator'             // reference
    - name: 'The first item'                                    // string

boxes
  # documentid(box__1)
    - name: 'First Box'                                         // string
  documentid(box__2)
    - name: 'Second box'                                        // string

回答1:


if resource.data.owner == /databases/$(database)/documents/users/$(uid_of_logged_in_user) should work.



来源:https://stackoverflow.com/questions/48340047/using-the-reference-data-type-in-firestore-rules

标签
firebase
firebase-security
google-cloud-firestore
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!