Firestore查询阵列/规则无法使用resources.viewers

时间:2019-05-15 11:37:32

标签: javascript angular google-cloud-firestore firebase-security-rules

我正在尝试根据此博客https://firebase.googleblog.com/2018/08/better-arrays-in-cloud-firestore.html

从数组中获取“读取”规则
  var db = firebase.firestore();
  db.collection("_users").where("viewers", "array-contains", myUID)
    .get()
    .then((querySnapshot) => {
      querySnapshot.forEach((doc) => {
        console.log(doc.id, ' => ', doc.data());
      });
    });

在AngularFirestore中相同

this.itemsCollection_users = this._afDB.collection("_users", ref => ref.where("viewers", "array-contains", myUID)))

The DB 
/_users/EGsht477klOKW0YeYsryo0j8AkY2/sometext = "hello",
/_users/EGsht477klOKW0YeYsryo0j8AkY2/viewers [
  0: hKeDFsC6wOQZGz0rP7SnJ7Vo5O73,
  1: Y8xbH2avmCWmm1EBK7wappM2qE03
]

数据库规则 服务cloud.firestore {

  match /databases/{database}/documents {   
    match /_users/{userId} {

        allow read: if request.auth.uid in resource.viewers;    

    }
}
}

因此应该可以从“查看器”中列出的任何用户访问(读取)用户EGsht477klOKW0YeYsryo0j8AkY2

我得到的警告是...

ERROR FirebaseError: Missing or insufficient permissions.

1 个答案:

答案 0 :(得分:0)

您的安全规则中的resource变量指向Resource object。要获取其数据,您需要使用resource.data,因此:

 allow read: if request.auth.uid in resource.data.viewers;