Problem description
Though it looks simple, I am still struggling to set up some basic Firestore rules, which are not working as expected.
For scenarios and queries posted below, this database is used:
Scenario 1
I am not able to figure out the database name. I thought it's restaurants, but with this assumption, the code below didn't work, and I am getting a PERMISSION_DENIED exception:
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if database == "restaurants";
    }
  }
}
Scenario 2
The restaurants collection has 10 documents, as shown in the above screen. I have hard-coded those 10 and allowed them to be read and written as below, but it's not working, and I am getting the same PERMISSION_DENIED exception:
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read : if document in ['2uFMIc2BSH6oslxEABpB','8GMNVxVUb1HzRAk2QmmX',
        'AryyMURod8AeWAfBVavF','AvnpKGMeUWDSfowFLpwa','H0qi7gI8WmSVobu19G49',
        'H2xhfoj0Rn75BH9nnbuI','NRfgppqWRfj3DtHDlft4','R9gZ0hTxCPXwSeV2prNV',
        'YgXXwndeIfZx6rUhdlc4','v22FlL7LBBY851N8sIvQ'] ;
      allow write : if document in ['2uFMIc2BSH6oslxEABpB','8GMNVxVUb1HzRAk2QmmX',
        'AryyMURod8AeWAfBVavF','AvnpKGMeUWDSfowFLpwa','H0qi7gI8WmSVobu19G49',
        'H2xhfoj0Rn75BH9nnbuI','NRfgppqWRfj3DtHDlft4','R9gZ0hTxCPXwSeV2prNV',
        'YgXXwndeIfZx6rUhdlc4','v22FlL7LBBY851N8sIvQ'] ;
    }
  }
}
These 2 may not be very practical scenarios, but it's more for my understanding.
Recommended answer
In your first example, database is the name of your database, which is probably something like "(default)".
In your second example, document is going to be the full path of your document; that's what that =** wildcard does -- it's an "everything else in my path" kind of wildcard. So it'll equal something like restaurants/2uFMIc2BSH6oslxEABpB.
If you want to create a rule that says, "A user can read any document in my restaurants collection" you want something like this:
service cloud.firestore {
  match /databases/{database}/documents {
    match /restaurants/{restaurantID} {
      allow read, write: if true;
    }
  }
}
If you want to do something interesting with the document ID of your individual restaurants, you probably want to do something more like this:
service cloud.firestore {
  match /databases/{database}/documents {
    match /restaurants/{restaurantID} {
      allow read, write: if restaurantID == '2uFMIc2BSH6oslxEABpB';
    }
  }
}
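The wildcard binding described in the answer, as an added example that is not part of the original post: a simplified JavaScript model (not Firestore's own implementation) of how a match path binds {database}, {document=**} and {restaurantID}. The helper bindPath and the sample resource path in the "(default)" database are assumptions made for illustration.

```javascript
// Simplified model of how a Firestore rules `match` pattern binds wildcards.
// Not Firestore's implementation; bindPath is a hypothetical helper.
function bindPath(pattern, resourcePath) {
  const pat = pattern.split('/').filter(Boolean);
  const res = resourcePath.split('/').filter(Boolean);
  const vars = {};
  for (let i = 0; i < pat.length; i++) {
    const recursive = /^\{(\w+)=\*\*\}$/.exec(pat[i]);
    if (recursive) {
      // {name=**} must come last and binds all remaining segments
      // (modelled here as one or more segments, as in rules version 1).
      if (i !== pat.length - 1 || res.length <= i) return null;
      vars[recursive[1]] = res.slice(i).join('/');
      return vars;
    }
    if (i >= res.length) return null;
    const single = /^\{(\w+)\}$/.exec(pat[i]);
    if (single) vars[single[1]] = res[i];      // {name} binds exactly one segment
    else if (pat[i] !== res[i]) return null;   // literal segment must match
  }
  return pat.length === res.length ? vars : null;
}

// Constructed sample: the first document ID from the question, assumed to
// live in the default database.
const ID = '2uFMIc2BSH6oslxEABpB';
const RESOURCE = `/databases/(default)/documents/restaurants/${ID}`;

// Pattern used in scenarios 1 and 2 (nested match blocks joined into one path).
const catchAll = bindPath('/databases/{database}/documents/{document=**}', RESOURCE);
// Pattern from the answer.
const perDoc = bindPath('/databases/{database}/documents/restaurants/{restaurantID}', RESOURCE);

// Evaluate the three conditions from the page against the bound variables.
function report() {
  return {
    scenario1: catchAll.database === 'restaurants', // database is "(default)"
    scenario2: [ID].includes(catchAll.document),    // document is "restaurants/<id>"
    answer: [ID].includes(perDoc.restaurantID),     // restaurantID is just the ID
  };
}

console.log(catchAll, perDoc, report());
```

In this model the scenario 1 and scenario 2 conditions both evaluate to false, which is why every request falls through to PERMISSION_DENIED, while the per-document pattern from the answer binds only the ID.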