需要帮助(看起来很简单)1:1聊天用例。
/users/
/users/{userId}/
/users/{userId}/rooms (this is a Array of References to `Rooms`)
/users/{userId}/first_name
/users/{userId}/last_name
/users/{userId}/last_active
/rooms/
/rooms/{roomId}/
/rooms/{roomId}/created
/rooms/{roomId}/last_updated
/rooms/{roomId}/users (this is an Array of References to `Users`)
/rooms/{roomId}/messages/...
以下是我一直在试验的规则。似乎没有允许直接阅读room文档。
service cloud.firestore {
match /databases/{database}/documents {
match /rooms/{roomId=**} {
allow read, write: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isAdmin == true;
//is it $roomId or roomId? Wouldn't this cause another READ transaction ($++)
//allow read, write: if $roomId in get(/databases/$(database)/documents/users/$(request.auth.uid)).data.rooms;
// is the following even valid?
allow read, write: if request.auth in resource.data.users;
}
match /rooms/{roomId} {
allow create: if request.auth != null;
}
match /users/{userId} {
allow read, write: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isAdmin == true;
allow read, write: if request.auth.uid == userId;
allow create: if request.auth != null;
}
}
}
request.auth不是users DocumentReference吗?整个规则需要更好的语法验证...我甚至不确定in是否有效。
不幸的是,对于数组中的值没有客户端查询(iOS / Swift),因此我无法指定"用户(引用)in rooms.users)。我users中没有任何内容可以匹配rooms中的字符串/对象,因此isEqualTo对我来说毫无用处。
最简单的解决方案(我原以为)会限制Firestore规则的READ权限,因此当客户端执行db.collection("rooms").getDocuments()时,只有用户有read权限的文档才会填充(request.auth in resource.data.users)。显然这是不可能的。
还是我离开基地并且有更好的方法来构建数据?