[英]How to match a user's uid stored in document field inside Firebase security rule for Firestore
I want to check for the UID stored in the document field of a document (of the parent collection named premiumID ) against the UID of the user requesting the data.我想根据请求数据的用户的 UID 检查存储在文档(名为premiumID的父集合)的文档字段中的 UID。 In simpler words, I want the user to only access the document which contains his UID.简单来说,我希望用户只访问包含他的 UID 的文档。
Here's what I have done until now这是我到目前为止所做的
service cloud.firestore {
match /databases/{database}/documents {
match /premiumID/{docId} {
function userData() {
return resource.data.uid
}
allow update: if userData() == request.auth.uid;
allow delete: if userData() == request.auth.uid;
allow create: if request.auth.uid != null;
allow read: if userData() == request.auth.uid;
}
}
}
Here's what my DB looks like-这是我的数据库的样子-
Here's how I am testing it.这是我测试它的方式。 This gives me read and write denied .这让我读写被拒绝。
The rule allow write: if request.auth.uid == request.resource.data.uid;
规则allow write: if request.auth.uid == request.resource.data.uid;
checks if user authentication is the same as the field uid
that the document contains.检查用户身份验证是否与文档包含的字段uid
相同。 But as said in the comments of your question your collection name doesn't match the rule that you are using.但正如您的问题评论中所说,您的集合名称与您使用的规则不匹配。
Check this site it contains very useful information about firebase rules.检查此站点,它包含有关 Firebase 规则的非常有用的信息。 It really helped me when I started using firebase rules for more complicated rules.当我开始使用 firebase 规则来处理更复杂的规则时,它真的帮助了我。
I think if you want to match a document you have to use {document}
instead of {docId}
.我想如果你想匹配一个文档,你必须使用{document}
而不是{docId}
。 I also had similar problem and changing to {document}
solved it.我也有类似的问题,改成{document}
解决了。
match /pID/{document}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.