Firebase Firestore安全规则:Can';我不明白为什么某些规则会这样做/不这样做';行不通
我的firestore数据库的结构使“leagues”成为顶级集合,每个leagues都包含一个以每个核准用户ID命名的字段(带有数字值)Firebase Firestore安全规则:Can';我不明白为什么某些规则会这样做/不这样做';行不通,firebase,google-cloud-firestore,firebase-security,Firebase,Google Cloud Firestore,Firebase Security,我的firestore数据库的结构使“leagues”成为顶级集合,每个leagues都包含一个以每个核准用户ID命名的字段(带有数字值) match /leagues/{league} { allow read, create, update: if request.auth.uid != null; //only ever deleting a single league at a time allow delete: if exists(/databases
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
FirebaseAuth mAuth = FirebaseAuth.getInstance();
// userId = ABCDEF123 for this example
String userId = mAuth.getCurrentUser().getUid();
FirebaseFirestore firestore = FirebaseFirestore.getInstance();
firestore.collection("leagues").whereLessThan(userId, 99).get();
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, write: if resource.data.ABCDEF123 != null;
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, write: if resource.data.ABCDEF123 != null;
match /leagues/{league} {
allow read, write: if resource.data.request.auth.uid != null;
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, write: if resource.data.request.auth.uid != null;
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
//"ZYXWV987" is an example of a league the user is in
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$('ZYXWV987')/users/$(request.auth.uid));
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
// "ZYXWV987" is an example of a league the user is in
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$('ZYXWV987')/users/$(request.auth.uid));
match /leagues/{league} {
allow read, write: if resource.data.request.auth.uid != null;
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, write: if resource.data.request.auth.uid != null;
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, write: if resource.data.ABCDEF123 != null;
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, write: if resource.data.ABCDEF123 != null;
match /leagues/{league} {
allow read, write: if resource.data.request.auth.uid != null;
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, write: if resource.data.request.auth.uid != null;
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
我猜
resource.datarequestresource.data[request.auth.uid]match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
//"ZYXWV987" is an example of a league the user is in
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$('ZYXWV987')/users/$(request.auth.uid));
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
// "ZYXWV987" is an example of a league the user is in
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$('ZYXWV987')/users/$(request.auth.uid));
match /leagues/{league} {
allow read, write: if resource.data.request.auth.uid != null;
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, write: if resource.data.request.auth.uid != null;
match /leagues/{league} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
match /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}
您必须定义安全规则,使Firestore仅根据查询的定义对其进行评估,而不考虑可能的结果。resource.data[request.auth.uid]有效!其余的也有道理。谢谢后续问题:如果某个字段的值是FieldValue.delete(),我如何在删除字段(即“documentReference.update(fieldID,FieldValue.delete();”)时签入FS规则?如果该字段的值是FieldValue.delete()?“request.writeFields中的request.auth.uid”为“true”,但“request.resource.data[request.auth.uid]!=null”和“request.resource.data”为“true”[request.auth.uid]=null“都给了我“false”/“error”(我不知道如何检查),我不太明白你想做什么,只是为了确保这不是一个输入错误-你尝试过==null吗?哈,这是一个输入错误,但不是在我的实际规则中!这是完整的规则(目前,用于疑难解答)这不起作用:
允许更新:如果request.writeFields&&(request.resource.data[request.auth.uid]==null | | | request.resource.data[request.auth.uid]!=null)docref.update(userID,level)docref.update(userID,FieldValue.delete())允许更新:if request.auth.uidmatch /leagues/{league} {
allow read, create, update: if request.auth.uid != null;
//only ever deleting a single league at a time
allow delete: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid));
match /{docs = **} {
allow read, write: if exists(/databases/$(database)/documents/leagues/$(league)/users/$(request.auth.uid))}
}