firestore 如何在写入前检查文档所有者?
[英]firestore how to check for the doc owner before write?
问题描述
How do I check the document owner before allow for the user the create?
在允许用户创建之前如何检查文档所有者? steps:脚步:
- the document is already created by the same owner.该文档已由同一所有者创建。
- after that the same owner will try to create property and value inside the doc.之后,同一所有者将尝试在文档中创建属性和值。
document.owner give me error when publishing. document.owner在发布时给我错误。
//only allow create in moviesCommentID/{document} when document is owned by the user
match /moviesCommentID/{document=**} {
allow create: if request.auth != null && document.owner == request.auth.uid;
}
any help is greatly appreciated.任何帮助是极大的赞赏。
2 个解决方案
解决方案1
1 2022-11-24 17:04:24
The document variable in your rules is a string with the document ID as its value.规则中的document变量是一个字符串,其值是文档 ID。
Firestore doesn't have any built-in concept of a document owner. Firestore 没有任何文档所有者的内置概念。 But if you have an owner field in the document's data, you can access that in your rules as resource.data.owner .但是如果您在文档数据中有一个owner字段,您可以在您的规则中以resource.data.owner的身份访问它。 Also check the Firebase documentation on data validation in security rules .另请参阅 Firebase 有关安全规则中数据验证的文档。
解决方案2
1 已采纳 2022-11-24 17:34:27
1- Creation 1- 创作
You need to have a field in the Firestore Document you are changing that stores the owner uid您需要在要更改的Firestore文档中有一个字段来存储所有者 uid
allow create: if request.auth != null && resource.data.ownerUid == request.auth.uid;
2- Update: 2-更新:
Use the same as for "create" (owner is actually the person logged), but also add something to say they cant change the owner to another user使用与“创建”相同的方法(所有者实际上是登录的人),但还要添加一些内容来说明他们不能将所有者更改为另一个用户
allow update: if request.resource.data.ownerUid== resource.data.ownerUid;
Note that request.resource variable contains the future state of the document请注意, request.resource变量包含文档的未来 state
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.