Firestore规则:我们可以访问儿童规则中的父母证件野生保护吗?

时间:2019-07-02 21:31:40

标签: firebase google-cloud-firestore firebase-security-rules

遵循以下规则:

match /users/{user} {  // Do not specify any authentication for the read rule - Do not specify any delete rule
  allow create: if request.auth.uid != null && resource.data.login == "Anonymous" && resource.data.avatar_is_defined == false && resource.data.show_in_amounts_ranking == false && resource.data.amount == 0.0 && resource.data.deleted == false;
  allow update: if request.auth.uid != null && request.auth.uid == user && resource.data.deleted != true;
  allow read: if resource.data.deleted != true;

  match /seals/{seal} {  // Do not specify any delete rule
    allow create: if request.auth.uid != null && request.auth.uid == user && get(/databases/$(database)/documents/users/$(user)).data.deleted != true && resource.data.title != "";
    allow update: if request.auth.uid != null && request.auth.uid == user && get(/databases/$(database)/documents/users/$(user)).data.deleted != true && ((resource.data.title != "" && request.resource.data.amount > resource.data.amount) || (resource.data.title == "" && request.resource.data.amount == resource.data.amount));
    allow read: if get(/databases/$(database)/documents/users/$(user)).data.deleted != true;

$(user)的{​​{1}}规则中使用read是否正确,即使在父级中定义了通配符match /seals/{seal} { {1}}?

1 个答案:

答案 0 :(得分:1)

是的,您可以使用范围内任何外部匹配项中的通配符,一直使用到顶部service范围。它的工作方式与大多数具有嵌套变量作用域的编程语言所期望的一样。请注意,$(database)也可以很好地工作,它在更高级别上得到了匹配。