我有一系列收藏
用户->投资组合(所有者==用户ID)->帐户->项目
我想赋予Accounts和Items与Portfolio相同的权限。我对投资组合的许可似乎有效,并且是:
now = start_time
data = {}
while True:
for table in table_list:
data[table] = get_data(table,now)
# do something with data
now = add_minute(now)
if now = end_time:
break
else:
continue
现在我该如何处理帐户?然后是物品?
答案 0 :(得分:0)
这似乎行得通...我只是不确定嵌套文档的安全性:
match /Portfolios/{document} {
allow read, update, write, create, delete: if resource.data.owner == request.auth.uid;
allow create: if request.auth.uid != null;
match /{document=**} {
allow read, update, write, create, delete: if request.auth.uid != null;
allow create: if request.auth.uid != null;
}
}
任何改进都将受到欢迎