Firestore规则取决于文档属性
阅读文档后,我相信下面的规则应该允许我将数据库内的所有文档锁定给各自的所有者。因此,我在一个名为所有者的文档上有一个属性,该财产应比较授权并根据文档的所有权设置权限。我仍然收到不足的权限错误。有人可以向我解释为什么会发生这种情况?
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.uid == resource.data.owner;
}
}
}
编辑
让我们假设我在todo应用中有一个任务对象。所有任务都存储在相同的任务集合中:/database/{database}/documents/tasks/*
tasks/arYBG3ydXW: {
title: 'A task',
owner: uid,
}
我要确保只有文档的所有者才能读取或编辑该文档。但是,尝试从集合中读取任务时已经发生了第一个错误。要明确:我创建了一些没有规则设置的文档,因此我最初能够在无执行限制的情况下写入数据库。
query(collection(db, 'tasks'), where('owner', '==', uid))
@firebase/firestore:firestore(9.9.3):快照侦听器中的未误差:{“ code”:“ cermission-dendied”,“ name”:“ firbaseError”}
,我现在也质疑这是否是最佳方法在这种情况下构建我的数据。您认为什么是“最佳实践”,方法1或2(假设多个用户将访问同一数据库)?
Approach 1: (with a prop indicating to whom a doc belongs)
/databases/{database}/documents/tasks/*.{uid}
/databases/{database}/documents/workspaces/*.{uid}
...
Approach 2: (all docs for a user in a separate collection)
/databases/{database}/documents/uid/{tasks},{workspaces}, ...
Having read through the documentation, I believe the rules below should allow me to lock all documents inside a database to their respective owners. So I have a property on a document called owner, which should compare the auth uid and set permissions based on the ownership of the document. I'm still receiving an Insufficient permissions error though. Someone can explain to me why this is happening?
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth.uid == resource.data.owner;
}
}
}
Edit
Let's assume I have a task object in a todo app. All the tasks are stored in the same tasks collection: /databases/{database}/documents/tasks/*
tasks/arYBG3ydXW: {
title: 'A task',
owner: uid,
}
I want to make sure that only the owner of the document can read or edit that document. However, first error already happens when trying to read the tasks from the collection. To be clear: I created some documents without rules setup, so I was initially able to write to the database without enforcing restrictions.
query(collection(db, 'tasks'), where('owner', '==', uid))
@firebase/firestore: Firestore (9.9.3): Uncaught Error in snapshot listener: {"code":"permission-denied","name":"FirebaseError"}
Also, I'm questioning now whether this is the best way to structure my data in this scenario. What would you consider to be "best-practice", approach 1 or 2 (assuming multiple users are going to access the same database)?
Approach 1: (with a prop indicating to whom a doc belongs)
/databases/{database}/documents/tasks/*.{uid}
/databases/{database}/documents/workspaces/*.{uid}
...
Approach 2: (all docs for a user in a separate collection)
/databases/{database}/documents/uid/{tasks},{workspaces}, ...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
正如弗兰克在原始问题的评论中指出的那样,在执行时间查找UID可以解决该问题。
因此,而不是这样做:
query(collection(db,'tasks'),其中('所有者','==',uid))执行此操作:
query(collecter(collection(db,db,db,db) '任务'),其中(“所有者”,'==',getauth()。currentuser.uid))As pointed out by Frank in the comments from the original question, looking up the UID at execution time fixes the issue.
So instead of doing this:
query(collection(db, 'tasks'), where('owner', '==', uid))do this:
query(collection(db, 'tasks'), where('owner', '==', getAuth().currentUser.uid))