在匹配规则之外的函数中使用get()的Firebase安全规则

时间:2018-09-16 20:11:56

标签: google-cloud-firestore firebase-security-rules

我发现在匹配规则之外的函数中使用get()调用不起作用,而将其放入匹配规则中则起作用:

service cloud.firestore {

  // If I put this here, it does not work.
  function isAdmin() {
    return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.permissions.hasAny(['admin']);
  }

  match /myrecord/{property} {
    // If I put the isAdmin() here it works.
    function isAdmin2() {
      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.permissions.hasAny(['admin']);
    }

    allow write: if isAdmin();
  }
}

我希望此功能处于“全局”级别,我可以从所有匹配规则中访问它。能做到吗?

1 个答案:

答案 0 :(得分:0)

我意识到我可以将其放在顶级比赛之后,并且可以按预期工作:

service cloud.firestore {
 match /databases/{database}/documents {

  // If I put this here, after the top-level match it works
  function isAdmin() {
    return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.permissions.hasAny(['admin']);
  }

  match /myrecord/{property} {
相关问题
最新问题