[英]Disable querying collection in Firebase Cloud Firestore with rules
I am using Firebase Cloud Firestore, and I want to modify my rules to restrict users from querying a collection.我正在使用 Firebase Cloud Firestore,我想修改我的规则以限制用户查询集合。
This should not be allowed:这不应该被允许:
firestore().collection("users").get()
But this should be allowed:但这应该被允许:
firestore().collection("users").doc("someUserId").get()
Currently, my rules look like this:目前,我的规则是这样的:
match /users/{userId} {
allow read;
}
but this rule allows the "users" collection to be queried.但此规则允许查询“用户”集合。
How can I allow single document gets, but not collection queries?如何允许单个文档获取,但不允许集合查询?
You can break read rules into get and list .您可以将读取规则分解为get和list 。 Rules for get apply to requests for single documents, and rules for list apply to queries and requests for collections ( docs ).
get 规则适用于对单个文档的请求,而 list 规则适用于对集合 ( docs ) 的查询和请求。
match /users/{userId} {
//signed in users can get individual documents
allow get: if request.auth.uid != null;
//no one can query the collection
allow list: if false;
}
Just allow get
and you'll be good:只要让
get
,你会很好:
match /users/{userId} {
allow get;
}
Reference: https://firebase.google.com/docs/rules/rules-language#:~:text=Convenience%20methods-,read,-Any%20type%20of参考: https ://firebase.google.com/docs/rules/rules-language#:~:text=Convenience%20methods-,read,-Any%20type%20of
Give the following a try.请尝试以下操作。 I haven't been able to test it, so apologies if I've mistyped something.
我无法测试它,所以如果我输入错误,请道歉。
match /users/{userId} {
allow read: if $(request.auth.uid) == $(userId);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.