[英]Firebase Firestore Securitty Rule | Allow read if field value same as auth uid
I want to read all document from我想阅读所有文件
using this query使用这个查询
QuerySnapshot data = await firestore
.collection('Order')
.where('uId', isEqualTo: auth.currentUser!.uid)
.limit(20)
.get();
and also want to apply security read only the requested auth uid same as uId/sellerUId.并且还想应用与 uId/sellerUId 相同的安全只读请求的 auth uid。
I already try with this security rule我已经尝试使用此安全规则
match /Order/{uniqueCode} {
allow read: if get(/databases/$(database)/documents/Order/$(uniqueCode)).data.sellerUId == request.auth.uid ||
get(/databases/$(database)/documents/Order/$(uniqueCode)).data.uId == request.auth.uid;
allow write, update, delete: if true;
}
I'm not sure if this is causing your problem, but you probably don't want to get()
the same document that you're securing.我不确定这是否会导致您的问题,但您可能不想
get()
您正在保护的同一文档。 Instead you can use resource
to refer to it:相反,您可以使用
resource
来引用它:
match /Order/{uniqueCode} {
allow read: if resource.data.sellerUId == request.auth.uid ||
resource.data.uId == request.auth.uid;
allow write, update, delete: if true;
}
You don't need to specify the complete path if the fields you want to compare with are already in document.如果要比较的字段已在文档中,则无需指定完整路径。
match /Order/{uniqueCode} {
allow read: if resource.data.sellerUId == request.auth.uid || resource.data.uId == request.auth.uid;
allow write, update, delete: if true;
}
You can read more about data validation here您可以在此处阅读有关数据验证的更多信息
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.