遵循以下规则:
match /users/{user} { // Do not specify any authentication for the read rule - Do not specify any delete rule
allow create: if request.auth.uid != null && resource.data.login == "Anonymous" && resource.data.avatar_is_defined == false && resource.data.show_in_amounts_ranking == false && resource.data.amount == 0.0 && resource.data.deleted == false;
allow update: if request.auth.uid != null && request.auth.uid == user && resource.data.deleted != true;
allow read: if resource.data.deleted != true;
match /seals/{seal} { // Do not specify any delete rule
allow create: if request.auth.uid != null && request.auth.uid == user && get(/databases/$(database)/documents/users/$(user)).data.deleted != true && resource.data.title != "";
allow update: if request.auth.uid != null && request.auth.uid == user && get(/databases/$(database)/documents/users/$(user)).data.deleted != true && ((resource.data.title != "" && request.resource.data.amount > resource.data.amount) || (resource.data.title == "" && request.resource.data.amount == resource.data.amount));
allow read: if get(/databases/$(database)/documents/users/$(user)).data.deleted != true;
在$(user)
的{{1}}规则中使用read
是否正确,即使在父级中定义了通配符match /seals/{seal}
{ {1}}?
答案 0 :(得分:1)
是的,您可以使用范围内任何外部匹配项中的通配符,一直使用到顶部service
范围。它的工作方式与大多数具有嵌套变量作用域的编程语言所期望的一样。请注意,$(database)也可以很好地工作,它在更高级别上得到了匹配。