This article describes how to handle Firestore security rules. It should be of some reference value to anyone facing this problem; readers who need it can follow along with the editor below.

Problem description



As for security rules of Firebase Realtime Database, both public and private data can exist in the same tree using a rule such as the following.

However, when using Firestore, it doesn't seem to enable us to do the same because the chunk of data we can retrieve is only under a collection or document. When public and private data is defined in the same document and getting data w/ collection/document, we'd get an error of insufficient permissions as for private data if we are not the owner.

When using RTDB, we can get data of 'users/{userId}/publicInfo' because we don't have any idea of collection/document.

Is there any way to do this with Firestore as with RTDB? Otherwise, should we have public/private collections separately?

// rule of Firebase Realtime Database
"users": {
  "$user_id": {
    ".read": "auth.uid === $user_id",
    ".write": "auth.uid === $user_id",

    "private": {
      ".read": "auth.uid === $user_id"   // --- private data
    },

    "public": {
      ".read": "auth !== null"           // --- public data
    }
  }
}

// Firestore
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {

      match /{private=**} {
        allow read, write: if request.auth == userId;
      }

      match /{public=**} {
        allow read, write: if request.auth != null;
      }
    }
  }
}
Solution

So you can't have separate security rules for separate parts of a document. You can either read the entire document, or you can't.

That said, if you wanted to give your userID document a "public" and "private" subcollection that contained documents that were public and private, that's something you can totally do, just not in the way you've currently set up your security rules.

The match /{private=**} bit as you've written it doesn't mean, "Match any subcollection that's called 'private'". It means, "Match any subcollection, no matter what, and then assign it to a variable called private". The "Recursive matching with wildcards" section of the docs covers this in more detail.

Also, you need to reference request.auth.uid to get the user's ID.

So, you probably want something more like this:

// Firestore
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      // You'll probably want to add security rules around the user document
      // itself. For now, though, let's look at our subcollections:

      match /private/{anything=**} {
        // Only the user can read documents in their private collection
        allow read, write: if request.auth.uid == userId;
      }

      match /public/{anything=**} {
        // Anybody can read documents here, as long as they're signed in
        allow read, write: if request.auth != null;
      }
    }
  }
}
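As an added example (not code from the question or the answer), the following JavaScript models how Firestore rule patterns bind path segments, so the difference between `/{private=**}` and `/private/{anything=**}` can be checked offline. The matcher, the two rule sets, the sample paths and the auth objects are constructed here and simplify the real engine (rules version 1 semantics, where a recursive wildcard matches one or more segments).

```javascript
// Added example, not code from the original question or answer: a simplified
// model of how Firestore rules match document paths. `{name}` binds exactly one
// segment; `{name=**}` (rules version 1 semantics) binds one or more remaining
// segments. The rule sets, paths and auth objects below are constructed here.

function matchPath(pattern, path) {
  const pSegs = pattern.split('/').filter(Boolean);
  const dSegs = path.split('/').filter(Boolean);
  const bindings = {};
  for (let i = 0; i < pSegs.length; i++) {
    const seg = pSegs[i];
    if (i >= dSegs.length) return null;              // path shorter than the pattern
    const recursive = /^\{(\w+)=\*\*\}$/.exec(seg);
    if (recursive) {                                 // swallow everything that remains
      bindings[recursive[1]] = dSegs.slice(i).join('/');
      return bindings;
    }
    const single = /^\{(\w+)\}$/.exec(seg);
    if (single) bindings[single[1]] = dSegs[i];
    else if (seg !== dSegs[i]) return null;          // literal segment must be equal
  }
  return pSegs.length === dSegs.length ? bindings : null;
}

// The question's rules: both wildcards are recursive, so each matches every
// subcollection under the user document, whatever it is called. `request.auth`
// is a map, so comparing it to the userId string never succeeds.
const questionRules = [
  { pattern: '/users/{userId}/{private=**}', allow: (v, auth) => auth === v.userId },
  { pattern: '/users/{userId}/{public=**}',  allow: (v, auth) => auth !== null },
];

// The answer's rules: the collection name is a literal, the wildcard only binds
// what lies beneath it, and the owner check uses request.auth.uid.
const answerRules = [
  { pattern: '/users/{userId}/private/{anything=**}',
    allow: (v, auth) => auth !== null && auth.uid === v.userId },
  { pattern: '/users/{userId}/public/{anything=**}',
    allow: (v, auth) => auth !== null },
];

// Firestore grants a request if any matching rule's condition evaluates to true.
function isAllowed(rules, path, auth) {
  return rules.some(({ pattern, allow }) => {
    const vars = matchPath(pattern, path);
    return vars !== null && allow(vars, auth);
  });
}

console.log(isAllowed(questionRules, '/users/alice/private/secret', { uid: 'bob' })); // true
console.log(isAllowed(answerRules,   '/users/alice/private/secret', { uid: 'bob' })); // false
```

With the question's rules the `{public=**}` branch also matches `users/alice/private/secret`, so any signed-in user can read it; with the answer's rules only `alice` can.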

This concludes the article on Firestore security rules. We hope the recommended answer is helpful, and we hope for your continued support!

08-22 18:20