有用户,项目作为顶级集合,而任务作为项目的子集合 以下是安全规则,我在允许对任务进行收集组查询时遇到麻烦。即使我取消了对createdBy的检查,它似乎也不起作用,当我为任务资源运行模拟器时,我的规则仍然有效
match /projects/{projectID} {
allow read, delete, update: if request.auth.uid == resource.data.createdBy;
allow create: if request.auth != null;
}
match /users/{userID} {
allow read, delete, update: if request.auth.uid == userID;
allow create: if request.auth != null;
}
match /projects/{projectID}/tasks/{taskID} {
allow read, delete, update: if request.auth.uid == resource.data.createdBy;
allow create: if request.auth != null;
}
这是我的收藏夹查询
_firestore
.collectionGroup('tasks')
.where('dueDate', isEqualTo: DateTimeHelper.today)
.where('createdBy', isEqualTo: user.id)
.snapshots()
.map((list) => list.documents.map((doc) {
String projectId = doc.reference.parent().parent().documentID;
String taskId = doc.documentID;
return Task.fromDocument(doc, taskId, projectId);
}).toList());
答案 0 :(得分:1)
您的任何规则都不适用于收集组查询。您应该查看documentation on rules for collection groups。在该页面上:
在安全规则中,您必须明确允许收集组 通过为收集组编写规则进行查询:
- 确保rules_version ='2';是规则集的第一行。收集组查询需要新的递归通配符{name = **} 安全规则版本2的行为。
- 使用匹配/ {path = **} / [COLLECTION_ID] / {doc}为您的收藏组编写一条规则。
因此您的规则将更像这样:
rules_version = '2'; // at the very top of your rules
match /{path=**}/tasks/{taskID} {
allow read, delete, update: if request.auth.uid == resource.data.createdBy;
allow create: if request.auth != null;
}