当前,所有登录的用户都可以对股票投资组合执行CRUD操作,但是所有用户都可以查看访问其他用户数据。在只有用户只能查看和执行自己的数据的情况下,我该怎么办?
我正在使用Firestore,并且尝试修改安全规则无济于事。我相信我必须执行一项操作来检索用户ID,然后在页面上呈现结果。我为此感到挣扎。
// CreateProject.js Where user add stock to portfolio
class CreateProject extends Component {
state = {
title: '',
}
handleChange = (e) => {
this.setState({
[e.target.id]: e.target.value
})
}
handleSubmit = (e) => {
e.preventDefault();
this.props.createProject(this.state);
this.props.history.push('/dashboard');
}
render() {
const { auth } = this.props;
if (!auth.uid) return <Redirect to='/signin' />
return (
<div className="container">
<form className="white" onSubmit={this.handleSubmit}>
<h5 className="grey-text text-darken-3">Add Stock to Portfolio</h5>
<div className="input-field">
<input type="text" id='title' onChange={this.handleChange} />
<label htmlFor="title">Enter ticker</label>
</div>
<div className="input-field">
<button className="btn pink lighten-1">Add to Portfolio</button>
</div>
</form>
</div>
)
}
}
const mapStateToProps = (state) => {
return {
auth: state.firebase.auth
}
}
const mapDispatchToProps = dispatch => {
return {
createProject: (project) => dispatch(createProject(project))
}
}
// dashboard.js Stocks are then added to a portfolio called "Dashboard"
class Dashboard extends Component {
render() {
const { projects, auth} = this.props;
if (!auth.uid) return <Redirect to='/signin' />
return (
<div className="dashboard container">
<div className="row">
<div className="col s12 m6">
<ProjectList projects={projects} />
</div>
</div>
</div>
)
}
}
const mapStateToProps = (state) => {
return {
projects: state.firestore.ordered.projects,
auth: state.firebase.auth,
}
}
export default compose(
connect(mapStateToProps),
firestoreConnect([
{ collection: 'projects', orderBy: ['createdAt', 'desc'] },
])
)(Dashboard)
CreateProject组件创建一个ProjectSummary组件,该组件最终呈现到仪表板组件和路线上。每个用户应该只能看到他们添加到投资组合中的股票。并非所有用户都如此。