如何限制写入Firestore中用户拥有的文档?

时间:2017-11-10 23:09:49

标签: firebase firebase-authentication firebase-security google-cloud-firestore

我有一些文章。

每篇文章都有参考字段到撰写该特定文章的作者的资料文档

Auth'd用户(使用Firebase的Auth)将与这些配置文件相关联。

如果该用户拥有该文章,我如何使当前登录用户可以编辑这些文章?

在Firestore的文档中,有一个反复出现的例子:

service cloud.firestore {
  match /databases/{database}/documents {

    // Allows you to edit the current user document (like a user's profile).
    match /users/{userId} {
      allow read, write: if request.auth.uid == userId;
    }

    // Allows you to read/write messages as long as you're logged in (doesn't matter who you're logged in as, so theoretically you could change other peoples' messages ).
    match /rooms/{roomId} {
      match /messages/{messageId} {
        allow read, write: if request.auth != null;
      }
    }

  }
}

如何构建和编辑某个用户拥有的文档的示例在哪里?

1 个答案:

答案 0 :(得分:5)

假设您有一份文件,例如存储在其中的["item is not of a type(s) array"],您可以这样做:

owner: <uid>