[英]Disable querying collection in Firebase Cloud Firestore with rules
我正在使用 Firebase Cloud Firestore,我想修改我的规则以限制用户查询集合。
这不应该被允许:
firestore().collection("users").get()
但这应该被允许:
firestore().collection("users").doc("someUserId").get()
目前,我的规则是这样的:
match /users/{userId} {
allow read;
}
但此规则允许查询“用户”集合。
如何允许单个文档获取,但不允许集合查询?
您可以将读取规则分解为get和list 。 get 规则适用于对单个文档的请求,而 list 规则适用于对集合 ( docs ) 的查询和请求。
match /users/{userId} {
//signed in users can get individual documents
allow get: if request.auth.uid != null;
//no one can query the collection
allow list: if false;
}
只要让get ,你会很好:
match /users/{userId} {
allow get;
}
参考: https ://firebase.google.com/docs/rules/rules-language#:~:text=Convenience%20methods-,read,-Any%20type%20of
请尝试以下操作。 我无法测试它,所以如果我输入错误,请道歉。
match /users/{userId} {
allow read: if $(request.auth.uid) == $(userId);
}
Firebase 云存储规则能否针对 Firestore 数据进行验证?
[英]Can Firebase Cloud Storage rules validate against Firestore data?
Firebase 云存储安全规则中Firestore文档参考如何使用?
[英]How to use Firestore Document Reference in Firebase Cloud Storage Security Rules?
Firebase Cloud Firestore:在集合中为每个 UID 创建一个新文档
[英]Firebase Cloud Firestore: Creating a new document in a collection for every UID
Cloud Firestore Firebase Collection ref 上的 IN 查询是否有 Flutter/Dart 等价物?
[英]Is there a Flutter/Dart equivalent for the IN query on a Cloud Firestore Firebase Collection ref?
如何按firebase中的子集合中的字段排序flutter中的云Firestore
[英]How to sort by a field in a sub-collection in firebase cloud firestore in flutter
是否可以使用云 firestore 规则将 firebase firestore 访问权限限制为仅服务帐户和 API 密钥?
[英]Is it possible to restrict firebase firestore access to only service accounts and API keys using cloud firestore rules?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.