Firebase Firestore 安全规则 | 如果字段值与 auth uid 相同,则允许读取
[英]Firebase Firestore Securitty Rule | Allow read if field value same as auth uid
问题描述
I want to read all document from
我想阅读所有文件
using this query使用这个查询
QuerySnapshot data = await firestore
.collection('Order')
.where('uId', isEqualTo: auth.currentUser!.uid)
.limit(20)
.get();
and also want to apply security read only the requested auth uid same as uId/sellerUId.并且还想应用与 uId/sellerUId 相同的安全只读请求的 auth uid。
I already try with this security rule我已经尝试使用此安全规则
match /Order/{uniqueCode} {
allow read: if get(/databases/$(database)/documents/Order/$(uniqueCode)).data.sellerUId == request.auth.uid ||
get(/databases/$(database)/documents/Order/$(uniqueCode)).data.uId == request.auth.uid;
allow write, update, delete: if true;
}
2 个解决方案
解决方案1
1 2021-06-24 15:21:44
I'm not sure if this is causing your problem, but you probably don't want to get() the same document that you're securing.我不确定这是否会导致您的问题,但您可能不想get()您正在保护的同一文档。 Instead you can use resource to refer to it:相反,您可以使用resource来引用它:
match /Order/{uniqueCode} {
allow read: if resource.data.sellerUId == request.auth.uid ||
resource.data.uId == request.auth.uid;
allow write, update, delete: if true;
}
解决方案2
1 已采纳 2021-06-24 15:21:55
You don't need to specify the complete path if the fields you want to compare with are already in document.如果要比较的字段已在文档中,则无需指定完整路径。
match /Order/{uniqueCode} {
allow read: if resource.data.sellerUId == request.auth.uid || resource.data.uId == request.auth.uid;
allow write, update, delete: if true;
}
You can read more about data validation here您可以在此处阅读有关数据验证的更多信息
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.