[英]firestore how to check for the doc owner before write?
How do I check the document owner before allow for the user the create?在允许用户创建之前如何检查文档所有者? steps:
脚步:
document.owner
give me error when publishing. document.owner
在发布时给我错误。
//only allow create in moviesCommentID/{document} when document is owned by the user
match /moviesCommentID/{document=**} {
allow create: if request.auth != null && document.owner == request.auth.uid;
}
any help is greatly appreciated.任何帮助是极大的赞赏。
The document
variable in your rules is a string with the document ID as its value.规则中的
document
变量是一个字符串,其值是文档 ID。
Firestore doesn't have any built-in concept of a document owner. Firestore 没有任何文档所有者的内置概念。 But if you have an
owner
field in the document's data, you can access that in your rules as resource.data.owner
.但是如果您在文档数据中有一个
owner
字段,您可以在您的规则中以resource.data.owner
的身份访问它。 Also check the Firebase documentation on data validation in security rules .另请参阅 Firebase 有关安全规则中数据验证的文档。
1- Creation 1- 创作
You need to have a field in the Firestore
Document you are changing that stores the owner uid您需要在要更改的
Firestore
文档中有一个字段来存储所有者 uid
allow create: if request.auth != null && resource.data.ownerUid == request.auth.uid;
2- Update: 2-更新:
Use the same as for "create" (owner is actually the person logged), but also add something to say they cant change the owner to another user使用与“创建”相同的方法(所有者实际上是登录的人),但还要添加一些内容来说明他们不能将所有者更改为另一个用户
allow update: if request.resource.data.ownerUid== resource.data.ownerUid;
Note that request.resource
variable contains the future state of the document请注意,
request.resource
变量包含文档的未来 state
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.