Firestore rules: read only one collection, the rest of the database restricted

Sul*_*har 6 firebase-security google-cloud-firestore

So I have a project where I had set up some predefined rules, including allowing reads of the database if the user is authenticated, and then allowing some separate things I don't fully understand, but when I integrated Stripe into my Firebase, Stripe required me to add these to my Firestore rules.

Now I want to let everyone read one specific collection and one of its subcollections, but I cannot get it to work.

Before, my rules were like this:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if
          request.auth != null;
    }
  }
  match /databases/{database}/documents {
    match /users/{uid} {
      allow read: if request.auth.uid == uid;

      match /checkout_sessions/{id} {
        allow read, write: if request.auth.uid == uid;
      }
      match /subscriptions/{id} {
        allow read: if request.auth.uid == uid;
      }
    }

    match /products/{id} {
      allow read: if true;

      match /prices/{id} {
        allow read: if true;
      }

      match /tax_rates/{id} {
        allow read: if true;
      }
    }
  }
}

And these are what they are after:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if
          request.auth != null;
    }
    match /organization/{document=**} {
      allow read: if true;
    }
  }
  match /databases/{database}/documents {
    match /users/{uid} {
      allow read: if request.auth.uid == uid;

      match /checkout_sessions/{id} {
        allow read, write: if request.auth.uid == uid;
      }
      match /subscriptions/{id} {
        allow read: if request.auth.uid == uid;
      }
    }

    match /products/{id} {
      allow read: if true;

      match /prices/{id} {
        allow read: if true;
      }

      match /tax_rates/{id} {
        allow read: if true;
      }
    }
  }
}

But neither of them allows users to read the organization collection publicly.

Here is my database, which contains some collections; I only want organization and organization's subcollection campaign to be publicly available.


Pri*_*dra 3

Your rules:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
    match /organization/{document=**} {
      allow read: if true;
    }
  }
  match /databases/{database}/documents {
    match /users/{uid} {
      allow read: if request.auth.uid == uid;
      match /checkout_sessions/{id} {
        allow read, write: if request.auth.uid == uid;
      }
      match /subscriptions/{id} {
        allow read: if request.auth.uid == uid;
      }
    }
    match /products/{id} {
      allow read: if true;
      match /prices/{id} {
        allow read: if true;
      }
      match /tax_rates/{id} {
        allow read: if true;
      }
    }
  }
}

Modified rules that work:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /organization/{document=**} {
      allow read: if true;
    }

    match /users/{uid} {
      allow read: if request.auth.uid == "priya";
    }
    match /checkout_sessions/{id} {
      allow read : if request.auth.uid == "priya";
      allow write: if request.auth.uid == "priya";
    }
    match /subscriptions/{id} {
      allow read : if true;
    }
    match /products/{id} {
      allow read: if true;
    }
    match /prices/{id} {
      allow read: if true;
    }
    match /tax_rates/{id} {
      allow read: if true;
    }
  }
}

Explanation:

  1. I removed:

     match /{document=**} {
       allow read, write: if request.auth != null;
     }

     match /{document=**} matches all documents in the entire database. The wildcard in it effectively "swallows" the entire path of the document for further matching. You also nested match /organization/{document=**} under it, which actually does not make sense (because you cannot nest more documents under the outermost document). My rules work because I match the organization collection at the top level, not nested under anything.

     Sources:

     /sf/answers/3900357611/
     https://firebase.google.com/docs/rules/basics#default_rules_locked_mode

  2. I changed:

     match /organization/{document=**} {
       allow read: if true;
     }

     To

     match /organization/{org}/campaign/{document=**} {
       allow read: if true;
     }

     As you specified, you only want organization + organization's subcollection campaign to be publicly available. I have designed a Firestore security rule that allows only documents and subcollections inside your campaign subcollection to have public read access. If you try to give documents under the organization collection public read access, it will be denied, as the public read access only applies to documents/subcollections under the campaign subcollection, which is under the organization collection. If you want any collections/documents inside organization to have public read access, you can change this to

     match /organization/{document=**} {
       allow read: if true;
     }

     Source:

     https://firebase.google.com/docs/firestore/security/rules-struct#recursive_wildcards

  3. match /databases/{database}/documents {

     This was a duplicate/repeat of the first /databases/{database}/documents, and it pretty much means matching the default database we have, and it's where all our Firestore rules should be inside. Creating another /databases/{database}/documents is not correct and does not make sense.

     Source:

     https://firebase.google.com/docs/firestore/security/rules-struct#overlapping_match_statements

You should test your rules using the Firestore Simulator. The above rules were checked and modified according to this documentation and this video.

How to test the rules?

Open your Firebase console. Go to Firestore Database and click the "Rules" tab highlighted in this screenshot. Click "Rules Playground", where you can simulate and test your rules.

If you are checking public read access, change the simulation type to 'get' and specify in the location field the exact location path whose rule you want to check, e.g. subscriptions/{id} matches the /subscriptions/{id} rule. Set authentication to off. Click the "Run" button to run the simulator and you will receive a green/red message indicating that your rule was successfully tested/denied, respectively.

If you are checking authenticated read access, change the simulation type to 'get' and specify in the location field the exact location path whose rule you want to check. users/{uid} matches the /users/{uid} rule. Set authentication to on. Specify a Firebase uid, email, name and phone number with some random values. Click the "Run" button to run the simulator and you will receive a green/red message indicating that your rule was successfully tested/denied, respectively. Here you must remember that request.auth.uid should equal uid. When we test it on the simulator we hardcode the value of uid, because request.auth.uid is already set when we give the Firebase uid a value. In production, you can set the uid in your application.

If you are checking authenticated write access, change the simulation type to 'create' and specify in the location field the exact location path whose rule you want to check. checkout_sessions/{id} matches the /checkout_sessions/{id} rule. Set authentication to on. Specify a Firebase uid, email, name and phone number with some random values. Click the "Run" button to run the simulator and you will receive a green/red message indicating that your rule was successfully tested/denied, respectively. Here you must remember that request.auth.uid should equal uid. When we test it on the simulator we hardcode the value of uid, because request.auth.uid is already set when we give the Firebase uid a value. In production, you can set the uid in your application.
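An added example, not code from the question or the answer: a small Python lint over Firestore rules text that reports the two structural problems the answer raises (a duplicated /databases/{database}/documents block, and a root {document=**} grant that overlaps every narrower rule), and lists the paths the Rules Playground would accept for a 'get' with authentication off. The regex tokenizer and the abridged sample rules are assumptions constructed for this example; it handles only the service/match/allow syntax used on this page.

```python
import re
# Constructed sample, abridged from the question's second rule set (not a real project file).
ASKER_RULES = """
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} { allow read, write: if request.auth != null; }
    match /organization/{document=**} { allow read: if true; }
  }
  match /databases/{database}/documents {
    match /users/{uid} { allow read: if request.auth.uid == uid;
      match /checkout_sessions/{id} { allow read, write: if request.auth.uid == uid; } }
    match /products/{id} { allow read: if true; }
  }
}"""

# Tokenizer (an assumption) for the subset used on this page: service/match blocks, allow, braces.
TOKEN = re.compile(
    r"(?:service\s+\S+|match\s+(?P<path>\S+))\s*\{"
    r"|allow\s+(?P<ops>[\w\s,]+?)(?:\s*:\s*if\s+(?P<cond>.*?))?\s*;"
    r"|(?P<close>\})")

def parse_rules(text):
    # Returns (full match paths in file order, [(path, ops, condition)]); // comments are stripped.
    text = re.sub(r"\s+", " ", re.sub(r"//[^\n]*", "", text))
    stack, matches, allows = [], [], []
    for m in TOKEN.finditer(text):
        if m.group("close"):
            stack.pop()
        elif m.group("ops"):
            ops = {o.strip() for o in m.group("ops").split(",")}
            allows.append(("".join(stack), ops, (m.group("cond") or "true").strip()))
        else:  # the service block pushes "" so its closing brace balances the stack
            stack.append(m.group("path") or "")
            if m.group("path"):
                matches.append("".join(stack))
    return matches, allows

def lint(text):
    # Findings: duplicated match blocks, and a root recursive wildcard granting database-wide access.
    matches, allows = parse_rules(text)
    out = [f"duplicate match {p} ({matches.count(p)}x): overlapping blocks are OR'ed, not merged"
           for p in sorted(set(matches)) if matches.count(p) > 1]
    for path, ops, cond in allows:
        if re.search(r"/documents/\{\w+=\*\*\}$", path):  # e.g. /documents/{document=**}
            kind = "write" if ops & {"write", "create", "update", "delete"} else "read"
            out.append(f"database-wide {kind} when `{cond}`: no narrower rule can tighten it")
    return out

def public_read_paths(text):
    # Paths the rules playground accepts for a 'get' with authentication off.
    return sorted(p for p, ops, c in parse_rules(text)[1]
                  if ops & {"read", "get", "list"} and c == "true")
```

Because overlapping match blocks are combined with OR, the per-user rules under /users/{uid} never restrict what the root wildcard already grants; that is why the answer removes it rather than adding more rules beside it.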