用户仅创建和编辑他的数据的Firestore规则
我是Firebase的新手,我完成了构建一个React.js Sire,用户填写了一个在一个名为驱动程序的子集合中保存的表格,然后用户子集合中的用户文档进行了编辑,以表明他已经填写了以前的形式。 现在,我想制定一条规则,以便用户只能在将来创建表单和更新自己的表单,并在将来阅读自己的
壁炉结构
users:
autoId{
uid,
id,
filledForm,
}
drivers:
id{
idNumber,
}
,现在看起来像这样的ID和IDNUMBER字段,用户和驱动程序是相同的值,以及驱动程序中DOC的名称的ID也是相同的ID,现在我试图制定firebase规则,只有使用相同ID的用户才能创建ABD在驱动程序和用户中编辑他的数据我可以实现这个吗? 这是我所达到的
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /drivers/{driver} {
allow read,create,update: if isLoggedIn() && request.resource.data.idNumber == request.auth.token.id;
}
match /users/{user} {
allow read,create,update: if isLoggedIn() && request.resource.data.id == request.auth.token.id;
}
}
function isLoggedIn(){
return request.auth != null;
}
}
I am new to firebase and and I finished building a react.js sire where the user fills a form which is saved under a sub collection called drivers, then the document of the user in users sub collection gets edited to show that he already filled the form before.
now I want to make a rule so that the user can only create forms and update his own form if needed in the future, and read his own form only
my firebase structure looks like this
users:
autoId{
uid,
id,
filledForm,
}
drivers:
id{
idNumber,
}
now the id and idNumber fields in users and drivers are the same value, and the id which is the name of the doc in drivers is also the same id , now I am trying to make a firebase rule where only the user with the same id could create abd edit his data in both drivers and users how can I achieve this?
here is what I have reached
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /drivers/{driver} {
allow read,create,update: if isLoggedIn() && request.resource.data.idNumber == request.auth.token.id;
}
match /users/{user} {
allow read,create,update: if isLoggedIn() && request.resource.data.id == request.auth.token.id;
}
}
function isLoggedIn(){
return request.auth != null;
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在您的路径用户/{user}中,{user}实际上是文档ID。如果您将身份验证令牌ID设置为用户文档ID,则可以使用它来检查请求验证令牌ID。
In your path users/{user}, {user}, is actually the document Id. If you have set the authentication token ID as the users document ID you can use that to check against the request auth token id.