Firebase云数据库规则-如何仅在用户id与对象中的密钥匹配的情况下检索数据?
是否有一种方法可以使用firebase规则检索具有特定“userID”值的所有项目。我试着阅读了所有的规则,并提出了这个规则,但它们不起作用: 我只想读取数据库中与auth.uid==userID匹配的文档Firebase云数据库规则-如何仅在用户id与对象中的密钥匹配的情况下检索数据?,firebase,flutter,google-cloud-firestore,firebase-security,Firebase,Flutter,Google Cloud Firestore,Firebase Security,是否有一种方法可以使用firebase规则检索具有特定“userID”值的所有项目。我试着阅读了所有的规则,并提出了这个规则,但它们不起作用: 我只想读取数据库中与auth.uid==userID匹配的文档 rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { // Allow public read access, but only content owne
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// Allow public read access, but only content owners can write
match /debtors/{userID}/{documents=**} {
allow read: if request.auth.uid != null && request.auth.uid == userID;
allow create: if request.auth.uid != null;
allow update, delete: if request.auth.uid != null && request.auth.uid == userID;;
}
}
}
我收集了以下对象:
{firstname: "Aacis"
relation: "friend"
userID: "7ScK2T0T3SMUR1NJxjiCiRzTnm62"}
以颤振方式获取流:
stream: Firestore.instance
.collection("debtors")
.where("userID", isEqualTo: user.uid)
.snapshots()
您是否将
auth.uid
设置为文档id,以及名为userID
的对象键
Firestore.instance.collection("debtors").doc("7ScK2T0T3SMUR1NJxjiCiRzTnm62").set({
firstname: "Aacis",
relation: "friend",
userID: "7ScK2T0T3SMUR1NJxjiCiRzTnm62"
})
如果只允许onwer读取访问,则应设置allow read:If request.auth.uid!=null&&request.auth.uid==userID代码>
如果要读取与auth.uid==resource.data.userID匹配的文档,则应设置allow read:If request.auth.uid!=null&&request.auth.uid=resource.data.userID代码>
如果要允许公共读取访问,则应设置allow read:If true代码>
此外,读取规则可以分为get和list
service cloud.firestore {
match /databases/{database}/documents {
// A read rule can be divided into get and list rules
match /cities/{city} {
// Applies to single document read requests
allow get: if <condition>;
// Applies to queries and collection read requests
allow list: if <condition>;
}
// A write rule can be divided into create, update, and delete rules
match /cities/{city} {
// Applies to writes to nonexistent documents
allow create: if <condition>;
// Applies to writes to existing documents
allow update: if <condition>;
// Applies to delete operations
allow delete: if <condition>;
}
}
}
因此,您没有将auth.uid
设置为文档id,并且文档中名为userID
的存储值与auth.uid
匹配,您应该使用resource.data.userID
和request.resource.data.userID
请尝试以下代码
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /debtors/{document=**} {
allow read: if request.auth.uid != null && request.auth.uid == resource.data.userID;
allow create: if request.auth.uid != null && request.auth.uid == request.resource.data.userID;
allow update, delete: if request.auth.uid != null && request.auth.uid == resource.data.userID;
}
}
}
resource变量引用请求的文档,resource.data是文档中存储的所有字段和值的映射。有关资源变量的更多信息,请参阅参考文档
写入数据时,可能需要将传入数据与现有数据进行比较。在这种情况下,如果规则集允许挂起写入,则request.resource变量包含文档的未来状态。对于仅修改文档字段子集的更新操作,request.resource变量将包含操作后的挂起文档状态。您可以检查request.resource中的字段值,以防止不必要或不一致的数据更新:
见:
是否将auth.uid
设置为文档id和名为userID
的对象键
Firestore.instance.collection("debtors").doc("7ScK2T0T3SMUR1NJxjiCiRzTnm62").set({
firstname: "Aacis",
relation: "friend",
userID: "7ScK2T0T3SMUR1NJxjiCiRzTnm62"
})
如果只允许onwer读取访问,则应设置allow read:If request.auth.uid!=null&&request.auth.uid==userID代码>
如果要读取与auth.uid==resource.data.userID匹配的文档,则应设置allow read:If request.auth.uid!=null&&request.auth.uid=resource.data.userID代码>
如果要允许公共读取访问,则应设置allow read:If true代码>
此外,读取规则可以分为get和list
service cloud.firestore {
match /databases/{database}/documents {
// A read rule can be divided into get and list rules
match /cities/{city} {
// Applies to single document read requests
allow get: if <condition>;
// Applies to queries and collection read requests
allow list: if <condition>;
}
// A write rule can be divided into create, update, and delete rules
match /cities/{city} {
// Applies to writes to nonexistent documents
allow create: if <condition>;
// Applies to writes to existing documents
allow update: if <condition>;
// Applies to delete operations
allow delete: if <condition>;
}
}
}
因此,您没有将auth.uid
设置为文档id,并且文档中名为userID
的存储值与auth.uid
匹配,您应该使用resource.data.userID
和request.resource.data.userID
请尝试以下代码
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /debtors/{document=**} {
allow read: if request.auth.uid != null && request.auth.uid == resource.data.userID;
allow create: if request.auth.uid != null && request.auth.uid == request.resource.data.userID;
allow update, delete: if request.auth.uid != null && request.auth.uid == resource.data.userID;
}
}
}
resource变量引用请求的文档,resource.data是文档中存储的所有字段和值的映射。有关资源变量的更多信息,请参阅参考文档
写入数据时,可能需要将传入数据与现有数据进行比较。在这种情况下,如果规则集允许挂起写入,则request.resource变量包含文档的未来状态。对于仅修改文档字段子集的更新操作,request.resource变量将包含操作后的挂起文档状态。您可以检查request.resource中的字段值,以防止不必要或不一致的数据更新:
见:
我没有将auth.uid设置为文档id,因为我需要多个文档。。我只设置了userID:as auth.uidI没有将auth.uid设置为文档id,因为我需要多个文档。。我只将userID设置为auth.uid