我如何设置Firestore的规则来限制只有某些用户以下列方式访问某些集合文档/集合:
//base collection
clients:{
//document
client-1-store:{
users-allowed:[
"user-1-id",
"user-2-id",
"user-3-id",
"user-4-id",
]
}
}
事情是,如果当前登录用户的ID设置在每个“商店”的users-allowed数组内,则我只想允许读写“client-1-store”文档及其文档和子集合,但我不知道我该怎么做......
How could I set rules for Firestore to restrict access only for some users to certain collections documents/collection in the following manner:
//base collection
clients:{
//document
client-1-store:{
users-allowed:[
"user-1-id",
"user-2-id",
"user-3-id",
"user-4-id",
]
}
}
The thing is I'd like to only allow reading and writing to the "client-1-store" document and its documents and sub collections if the current logged in user's id is set inside the users-allowed array of each "store", but I have no idea of how i could do that...
最满意答案
而不是创建一个用户ID数组,创建一个值的映射
//base collection
clients:{
//document
client-1-store:{
users-allowed:{
"user-1-id": true,
"user-2-id": true,
"user-3-id": true,
"user-4-id": true,
}
}
}
match /clients/{storeId=**} {
allow read: if get(/databases/$(database)/documents/clients/$(storeId).data.users-allowed.$(request.auth.uid)) == true;
}
但是,这不会扩展为允许使用者子集合,并将每个用户标识另存为文档。 相反,您可以使用exists条件。 这还允许您为用户的文档添加进一步的粒度以获取详细的CRUD权限。
Instead of creating an array of user IDs, create a map of values
//base collection
clients:{
//document
client-1-store:{
users-allowed:{
"user-1-id": true,
"user-2-id": true,
"user-3-id": true,
"user-4-id": true,
}
}
}
match /clients/{storeId=**} {
allow read: if get(/databases/$(database)/documents/clients/$(storeId).data.users-allowed.$(request.auth.uid)) == true;
}
However, this doesn't scale as well as having an allowedUsers sub-collection, with each user ID saved as a document. You can then use the exists condition, instead. This also allows you to add further granularity to the user's document for detailed CRUD permissions.
更多推荐
发布评论