Firebase安全规则-can'；无法使用get（）获取资源

我正试图用get（）在firebase安全控制台中编写一个规则，但无论如何都无法获取资源数据。。。如果用户uid位于文档字段、数组或映射中，我希望用户能够读取文档及其子集合

我的收藏结构： /boards/（boardId）/…更多

（boardId）文档中的字段：

• 名称：“董事会名称”
• 所有者ID：“MYID12345”
• guestsId（数组）：[“MYID12345”]
• guestsMap（地图）：[MYID12345:true]

安全规则：

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {   
    match /boards/{boardId=**} {
      // rules here
    }
  }
}

到目前为止，我所尝试的：

allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap[request.auth.uid] == true;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsMap[true];

allow read: if get(/databases/$(database)/documents/boards/$(boardId)).request.data.guestsId[request.auth.uid];
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId;
allow read: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).request.data.guestsId;

allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId == request.auth.uid;
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId == "MYID12345";
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).resource.data.ownerId == request.auth.uid;
allow read: if get(/databases/$(database)/documents/boards/$(boardId)).request.data.ownerId == request.auth.uid;

这些都不起作用，总是得到：

ERROR FirebaseError: Missing or insufficient permissions.

允许读取：如果为true，则使应用程序正常运行。 我坚持文档，但它对我不起作用

@更新

match /boards/{boardId=**} {
  allow read: if resource.data.ownerId == request.auth.uid;
}

也不能这样使用它，因为每个子集合都在其文档中查找ownerId字段，而ownerId或朋友列表数组仅在board文档中

@更新

match /boards/{boardId=**} {
  allow read: if resource.data.ownerId == request.auth.uid;
}

我试着这样做，但没用：

match /boards/{boardId} {
    allow read, write: if request.auth.uid in resource.data.guestsId  || request.auth.uid == resource.data.ownerId;
    allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));

    function passResource() {
        return request.auth.uid in resource.data.guestsId  || request.auth.uid == resource.data.ownerId;
    }

    match /categoryList/{categoryId} {
        allow read, write: if passResource();
    }

    ...
}

---

我在这里遗漏了什么？

好的，我找到了一个有效的解决方案：

  match /databases/{database}/documents {  
    match /boards/{boardId} {
      allow read: if request.auth.uid in resource.data.guestsId  || request.auth.uid == resource.data.ownerId;
      allow write: if request.auth.uid == resource.data.ownerId;
      allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));

      function isAllowed() {
        return request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId || request.auth.uid == get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId;
      }
      match /categoryList/{category} {
        allow read, write: if isAllowed();

        match /taskList/{task} {
            allow read, write: if isAllowed();
        }
      }
      ...
  }

同样有趣的是，它不想这样工作：

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {  
    match /boards/{boardId=**} {
      allow read, write: if request.auth.uid in get(/databases/$(database)/documents/boards/$(boardId)).data.guestsId || request.auth.uid == get(/databases/$(database)/documents/boards/$(boardId)).data.ownerId;
      allow create: if exists(/databases/$(database)/documents/users/$(request.auth.uid));
    }
 }

因为：

Error: simulator.rules line [5], column [49]. Property guestsId is undefined on object.

---

我猜问题是$（boardId）由于使用了通配符而获取子集合名称。