在 Firebase 存储中,我可以使用 db “get” 规则吗?
[英]In Firebase storage, can I use db "get" rules?
问题描述
I'm trying to secure my Firebase (google cloud storage) files based on user data.
我正在尝试根据用户数据保护我的 Firebase(谷歌云存储)文件。 In firestore, I use a rule based on getting database content (look up the uid in users table and match a field) and that's working fine.在 firestore 中,我使用基于获取数据库内容的规则(在用户表中查找 uid 并匹配一个字段)并且工作正常。 I'm trying to use the same kind of rules in firebase storage but in the simulator I get Error: simulator.rules line [12], column [17]. Function not found error: Name: [get].; Error: Invalid argument provided to call. Function: [get], Argument: ["||invalid_argument||"]我试图在 firebase 存储中使用相同类型的规则,但在模拟器中我得到Error: simulator.rules line [12], column [17]. Function not found error: Name: [get].; Error: Invalid argument provided to call. Function: [get], Argument: ["||invalid_argument||"] Error: simulator.rules line [12], column [17]. Function not found error: Name: [get].; Error: Invalid argument provided to call. Function: [get], Argument: ["||invalid_argument||"] Error: simulator.rules line [12], column [17]. Function not found error: Name: [get].; Error: Invalid argument provided to call. Function: [get], Argument: ["||invalid_argument||"] . Error: simulator.rules line [12], column [17]. Function not found error: Name: [get].; Error: Invalid argument provided to call. Function: [get], Argument: ["||invalid_argument||"] 。 My rules look like this:我的规则是这样的:
match /b/{bucket}/o {
function isAuth() {
return request.auth != null && request.auth.uid != null
}
function isAdmin() {
return isAuth() &&
"admin" in get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles;
}
function clientMatch(client) { // expects user's "client" field to be ID of client
return isAuth() &&
client == get(/databases/$(database)/documents/users/$(request.auth.uid)).data.client;
}
match /P/Clients/{client}/{allPaths=**} {
allow read, write: if isAdmin() || clientMatch(client);
}
}
}
Line 12 is the one beginning client == get , in clientMatch() .第 12 行是在clientMatch()中以client == get开头的行。 I haven't been able to tell whether these functions are only supported for Firestore (db) rules, or whether they should work for storage as well.我无法判断这些函数是否仅支持 Firestore (db) 规则,或者它们是否也适用于存储。
If this doesn't work, what are my options?如果这不起作用,我有什么选择? How do people look up user data for Firebase storage security?人们如何查找 Firebase 存储安全的用户数据?
2 个解决方案
解决方案1
2 已采纳 2019-02-27 16:53:05
You currently can't reference Firestore documents in Storage rules. 您目前无法在存储规则中引用Firestore文档。 If you would like to see that as a feature of Storage rules, please file a feature request . 如果您希望将其作为存储规则的功能 ,请提交功能请求 。
Consider instead using a Cloud Functions storage trigger to perform some additional checks after the file is uploaded, and remove the file if you find that it's not valid. 考虑上传文件后,考虑使用Cloud Functions存储触发器执行一些其他检查,如果发现文件无效,则将其删除。
解决方案2
0 2022-10-01 08:27:01
This is now possible with cross-service security rules .这现在可以通过跨服务安全规则来实现。 You have to use firestore.你必须使用firestore. namespace before the get() and exists() functions as shown below: get()和exists()函数之前的命名空间如下所示:
function isAdmin() {
return isAuth() && "admin" in firestore.get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles;
}
Do note that you'll be charged for read operations just like in Firestore security rules.请注意,就像在 Firestore 安全规则中一样,您需要为读取操作付费。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.