Firestore rules for document fields

Time: 2018-04-19 11:10:43

Tags: firebase google-cloud-firestore firebase-security-rules

I am struggling with Firestore, setting security rules for documents. With the RTDB you can set rules for specific object properties, and I am trying to do the same thing with Firestore.

RTDB code:

Below, the same code in Firestore:

```firestore-rules
service cloud.firestore {
    match /databases/{database}/documents {
        match /users {
            allow read;
            match /{user} {
                allow read: if request.auth.uid != null;
                // Only the owner may write their own document, and only while it does not exist yet
                allow write: if request.auth.uid == request.resource.id
                             && !exists(/databases/$(database)/documents/users/$(request.resource.id));

                // Per-field matches: this is the part that does not work for document fields
                match /birthday {
                    allow write: if request.auth.uid == request.resource.id;
                }
                match /name {
                    allow write: if request.auth.uid == request.resource.id;
                }
                match /banned {
                    // Only users with userType above 3 may set the banned flag
                    allow write: if get(/databases/$(database)/documents/users/$(request.auth.uid)).data.userType > 3;
                }
            }
        }
    }
}
```
When I write security rules for subcollections it works fine. But for document fields it does not work. Is this not possible, or is there a special segment for this in the match reference? The documentation does not say.

2 answers:

Answer 0 (score: 4)

You can do this by looking at the request.resource.data property, as shown in this section of the documentation. You only need to match at the document level; you can then check field rules with an if condition.

However, you cannot control read access to individual fields. A user can read the whole document. If you need to store private data, consider putting it in a subcollection of the user document.

Here is an example:

```firestore-rules
service cloud.firestore {
  match /databases/{database}/documents {
    // Make sure all cities have a positive population and
    // the name is not changed
    match /cities/{city} {
      allow update: if request.resource.data.population > 0
                    && request.resource.data.name == resource.data.name;
    }
  }
}
```

Answer 1 (score: 1)

Looks like this is now supported:

```firestore-rules
service cloud.firestore {
  match /databases/{database}/documents {
    // Allow the user to read data if the document has the 'visibility'
    // field set to 'public'
    match /cities/{city} {
      allow read: if resource.data.visibility == 'public';
    }
  }
}
```

The resource variable refers to the requested document, and resource.data is a map of all the fields and values stored in the document.

As a concrete example, in my case I needed to give read access to a groups collection only when the requesting user is in the group's members field (which is an array). So I did this:

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // True when userId appears in the members array of the document being read
    function isMember(userId) {
      return (userId in resource.data.members);
    }
    match /groups/{group} {
      allow read: if request.auth != null && isMember(request.auth.uid);
    }
    //...
  }
}
```
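The two answers above show the principle (match the document, test fields in the condition). Below is an added example, not code from either answer, that carries the asker's original intent through in rules_version 2 syntax: owners may create their own users document once and afterwards change only birthday and name, only users whose own document has userType > 3 may change banned, private data goes in a subcollection, and the groups read check from answer 1 is kept. The semantics of userType > 3 as "admin" come from the question; the subcollection name `private` and the exact field set are assumptions for illustration. It uses `Map.diff(...).affectedKeys()` and `hasOnly`, which exist in rules version 2, so that an update cannot smuggle in extra fields alongside the allowed ones.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Caller presents a Firebase Auth token. Check for null before touching .uid,
    // because request.auth.uid errors (and therefore denies) when request.auth is null.
    function signedIn() {
      return request.auth != null;
    }

    // Caller is the owner of the users/{user} document being accessed.
    function isOwner(user) {
      return signedIn() && request.auth.uid == user;
    }

    // Admin check taken from the question: the caller's own users document
    // carries a numeric userType, and > 3 is treated as admin (assumption).
    function isAdmin() {
      return signedIn()
        && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.userType > 3;
    }

    // Set of field names this update adds, changes or removes (rules_version 2 MapDiff).
    // Only valid on update, where resource.data exists.
    function changedKeys() {
      return request.resource.data.diff(resource.data).affectedKeys();
    }

    match /users/{user} {
      // Reads are all-or-nothing: every field of the document is returned,
      // so nothing secret may live directly on this document.
      allow read: if signedIn();

      // create only succeeds when the document does not exist yet, so no
      // explicit exists() check is needed. The owner may not seed banned or
      // userType on their own profile.
      allow create: if isOwner(user)
        && !request.resource.data.keys().hasAny(['banned', 'userType']);

      // Owner may touch only birthday and name; any other field in the
      // write (including banned or userType) makes hasOnly false.
      allow update: if isOwner(user)
        && changedKeys().hasOnly(['birthday', 'name']);

      // Admins may flip only the banned flag, and it must stay a bool.
      allow update: if isAdmin()
        && changedKeys().hasOnly(['banned'])
        && request.resource.data.banned is bool;

      allow delete: if false;

      // Per-field read restriction is not possible, so private data gets its
      // own subcollection with its own read rule (name `private` is assumed).
      match /private/{doc} {
        allow read, write: if isOwner(user);
      }
    }

    // From answer 1: only members of a group may read it.
    match /groups/{group} {
      allow read: if signedIn() && request.auth.uid in resource.data.members;
    }
  }
}
```

Two practical checks before relying on this. First, rules are not filters: a rule such as `allow read: if resource.data.visibility == 'public'` or the `members` check above lets a single-document get through, but a collection query is denied unless the client constrains it to documents the rule would accept (for example `where('visibility', '==', 'public')` or an `array-contains` filter on `members`). Second, the `get()` inside `isAdmin()` counts as a document read on every evaluation; keeping it behind `signedIn()` and in a separate `allow update` line means ordinary owner writes never pay for it.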