Javascript Firebase firestore安全规则访问路径参数
考虑一下这条安全规则 服务云.firestore{ 匹配/databases/{database}/documents{ 匹配/通知/{user}{ 允许读、写:if request.auth.uid!=null; } 匹配/items/{item}{ 允许读取:如果为真; 允许写入:如果为false } } } 根据,该参数存储在变量下:Javascript Firebase firestore安全规则访问路径参数,javascript,firebase,google-cloud-firestore,firebase-security,Javascript,Firebase,Google Cloud Firestore,Firebase Security,考虑一下这条安全规则 服务云.firestore{ 匹配/databases/{database}/documents{ 匹配/通知/{user}{ 允许读、写:if request.auth.uid!=null; } 匹配/items/{item}{ 允许读取:如果为真; 允许写入:如果为false } } } 根据,该参数存储在变量下: service cloud.firestore { match /databases/{database}/documents { match
service cloud.firestore {
match /databases/{database}/documents {
match /notifications/{user} {
allow read, write: if request.auth.uid != null;
}
match /items/{item} {
allow read: if resource.data != null;
allow write: if false
}
}
}
正如注释所解释的,在您的情况下,由于{item}被接受,所以只需在规则中使用item。是的,我可以使用资源对象访问路径'/items/{item}'处的值。但我不想那样。例如,如果路径是“/items/23”,它可能包含一些数据,如“{name:'orange',price:5}”。我可以通过资源对象轻松访问它。但我想知道路径的最后一部分,即值'23'。然后您可能需要使用resource.id
service cloud.firestore {
match /databases/{database}/documents {
// Make sure the uid of the requesting user matches name of the user
// document. The wildcard expression {userId} makes the userId variable
// available in rules.
match /users/{userId} {
allow read, update, delete: if request.auth != null && request.auth.uid == userId;
allow create: if request.auth != null;
}
}
}