[英]Disable querying collection in Firebase Cloud Firestore with rules
我正在使用 Firebase Cloud Firestore,我想修改我的規則以限制用戶查詢集合。
這不應該被允許:
firestore().collection("users").get()
但這應該被允許:
firestore().collection("users").doc("someUserId").get()
目前,我的規則是這樣的:
match /users/{userId} {
allow read;
}
但此規則允許查詢“用戶”集合。
如何允許單個文檔獲取,但不允許集合查詢?
您可以將讀取規則分解為get和list 。 get 規則適用於對單個文檔的請求,而 list 規則適用於對集合 ( docs ) 的查詢和請求。
match /users/{userId} {
//signed in users can get individual documents
allow get: if request.auth.uid != null;
//no one can query the collection
allow list: if false;
}
只要讓get ,你會很好:
match /users/{userId} {
allow get;
}
參考: https ://firebase.google.com/docs/rules/rules-language#:~:text=Convenience%20methods-,read,-Any%20type%20of
請嘗試以下操作。 我無法測試它,所以如果我輸入錯誤,請道歉。
match /users/{userId} {
allow read: if $(request.auth.uid) == $(userId);
}
Firebase 雲存儲規則能否針對 Firestore 數據進行驗證?
[英]Can Firebase Cloud Storage rules validate against Firestore data?
Firebase 雲存儲安全規則中Firestore文檔參考如何使用?
[英]How to use Firestore Document Reference in Firebase Cloud Storage Security Rules?
Firebase Cloud Firestore:在集合中為每個 UID 創建一個新文檔
[英]Firebase Cloud Firestore: Creating a new document in a collection for every UID
Cloud Firestore Firebase Collection ref 上的 IN 查詢是否有 Flutter/Dart 等價物?
[英]Is there a Flutter/Dart equivalent for the IN query on a Cloud Firestore Firebase Collection ref?
如何按firebase中的子集合中的字段排序flutter中的雲Firestore
[英]How to sort by a field in a sub-collection in firebase cloud firestore in flutter
是否可以使用雲 firestore 規則將 firebase firestore 訪問權限限制為僅服務帳戶和 API 密鑰?
[英]Is it possible to restrict firebase firestore access to only service accounts and API keys using cloud firestore rules?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.