Firebase Collection查询更改如果用户具有admin自定义索赔
在构造Angular的壁炉查询方面寻求一些帮助。 我有一个文档的集合,每个文档都有一个数组字段,其中包含允许查看文档的用户形式的列表。
此查询非常适合将数组中具有任何给定用户的所有文档带回去,并且我在Firebase上有相应的规则以确保安全性。
return this.firestore
.collection('accounts', (ref) =>
ref.where('users', 'array-contains', this.userId)
)
.valueChanges();
到目前为止,一切都很好。
一些用户具有自定义索赔集:admin = true,我想重组上述查询,以便对这些用户的查询限制不得执行,并且将返回所有文档。我不想特别想将每个文档的Admins的用户ID添加到数组中 - 感到不必要。
我可以编写查询的管理版本,并使用索赔状态来确定在任何时候执行哪一个,但是当我必须在应用程序中的每个查询中执行此操作时,这会很痛苦,并且会很烦人。
是否有一种更聪明的方法来编写单个查询,该查询只有在用户没有admin = true索赔的情况下才能执行“哪里”? Firebase安全规则已经允许返回给管理用户的任何文档。
我也可以做这样的事情:
return this.firestore
.collection('accounts', (ref) =>
this.isAdmin ? ref : ref.where('users', 'array-contains', this.userId)
)
.valueChanges();
但这仍然有点笨拙。希望有一些真正直接,干净的方法可以实现这一目标。也许我不是以正确的方式接近整个事情...?
Looking for some help with structuring a Firebase query in Angular.
I have a collection of documents, each with an array field containing a list of the userIds that are permitted to view the document.
This query works great for bringing back all the docs that have any given user in the array, and I have a corresponding rule on Firebase to ensure security.
return this.firestore
.collection('accounts', (ref) =>
ref.where('users', 'array-contains', this.userId)
)
.valueChanges();
So far, so good.
Some of the users have a custom claim set: admin=true and I want to restructure the above query so that the limit on the query is not enforced for these users and all documents will be returned. I don't particularly want to have the admins' userIds added to the array for every document - feels unnecessary.
I could write an admin version of the query and use the claim status to determine which one to execute at any time, but that feels rather painful and is going to be irritating when I have to do it for every query in the app.
Is there a smarter way to write a single query that will execute the 'where' only when the user does not have the admin=true claim? The Firebase security rule already allows any documents to be returned for admin users.
I can also do something like this:
return this.firestore
.collection('accounts', (ref) =>
this.isAdmin ? ref : ref.where('users', 'array-contains', this.userId)
)
.valueChanges();
but that still feels a bit clunky. Hopefully there's some really straightforward and clean way to achieve this. Maybe I'm not approaching the whole thing in the right way...?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我不认为您的解决方案很笨拙。只需添加一个简短的评论,例如“获取所有文档,如果管理员,否则获取授权阅读的所有文档”。
I don't think your solution is clunky. Just add a short comment like "fetch all documents if admin, otherwise fetch all documents authorized to read".