Question

This was my initial firebase security rule:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
        match /users/{userId} {
            allow read, write: if request.auth.uid == userId;
      }
    }
  }
}

That didn't work. I kept getting an error telling me that I had insufficient privileges.

I changed it to the following and removed match /{document=**}.

service cloud.firestore {
  match /databases/{database}/documents {
        match /users/{userId} {
            allow read, write: if request.auth.uid == userId;
      }
  }
}

That works, but my question is, was match /{document=**} necessary? What exactly did that line do?

Answer 1

match /{document=**}匹配整个数据库中的所有文档。实际上，此处的通配符“吞噬”了文档的整个路径，以进行进一步匹配。您还嵌套了match /users/{userId}，实际上没有任何意义（因为您不能在最外面的文档下嵌套更多文档）。

您的第二个示例有效，因为您是在顶层匹配用户，而不是嵌套在其他任何内容下。

通常，仅当您要编写一个与集合中的文档匹配的规则，而另一个与该子集的子集合中的文档匹配的规则时，嵌套匹配。它可以节省一些打字。

Is 'match /{document=**}' necessary in firebase security

1 个答案: