我如何设置Firestore的规则来限制只有某些用户以下列方式访问某些集合文档/集合:
//base collection clients:{ //document client-1-store:{ users-allowed:[ "user-1-id", "user-2-id", "user-3-id", "user-4-id", ] } }事情是,如果当前登录用户的ID设置在每个“商店”的users-allowed数组内,则我只想允许读写“client-1-store”文档及其文档和子集合,但我不知道我该怎么做......
How could I set rules for Firestore to restrict access only for some users to certain collections documents/collection in the following manner:
//base collection clients:{ //document client-1-store:{ users-allowed:[ "user-1-id", "user-2-id", "user-3-id", "user-4-id", ] } }The thing is I'd like to only allow reading and writing to the "client-1-store" document and its documents and sub collections if the current logged in user's id is set inside the users-allowed array of each "store", but I have no idea of how i could do that...
最满意答案
而不是创建一个用户ID数组,创建一个值的映射
//base collection clients:{ //document client-1-store:{ users-allowed:{ "user-1-id": true, "user-2-id": true, "user-3-id": true, "user-4-id": true, } } } match /clients/{storeId=**} { allow read: if get(/databases/$(database)/documents/clients/$(storeId).data.users-allowed.$(request.auth.uid)) == true; }但是,这不会扩展为允许使用者子集合,并将每个用户标识另存为文档。 相反,您可以使用exists条件。 这还允许您为用户的文档添加进一步的粒度以获取详细的CRUD权限。
Instead of creating an array of user IDs, create a map of values
//base collection clients:{ //document client-1-store:{ users-allowed:{ "user-1-id": true, "user-2-id": true, "user-3-id": true, "user-4-id": true, } } } match /clients/{storeId=**} { allow read: if get(/databases/$(database)/documents/clients/$(storeId).data.users-allowed.$(request.auth.uid)) == true; }However, this doesn't scale as well as having an allowedUsers sub-collection, with each user ID saved as a document. You can then use the exists condition, instead. This also allows you to add further granularity to the user's document for detailed CRUD permissions.
更多推荐
发布评论