我有下一个firestore规则:
service cloud.firestore {
match /databases/{database}/documents {
match /{usuarios=**} {
allow write: if get(/usuarios/$(request.auth.uid)).data.level == 0 || get(/usuarios/$(request.auth.uid)).level == 0;
}
}
}
当我尝试这个查询时,我得到“许可被拒绝”:
firebase.firestore().collection('usuarios').doc(uid).set({...});
这实际上是我的数据库:
pd:我想在我的数据库中添加有关新用户的信息(通过他的UID)
由于你按照get
的要求付费,这将是非常昂贵和低效的。相反,您应该编写规则,就像定义数据库的结构一样。这就是我的意思:
service cloud.firestore {
match /databases/{database}/documents {
match /usuarios/{uid} {
// Give write access to any field within the document who's id is the uid
// Add other validation as needed.
allow write: if uid == request.auth.uid
// Give admin access to anyone who's `level == 0`
// Make sure to add the `databases...` boilerplate
|| get(/databases/$(database)/documents/usuarios/$(request.auth.uid)).data.level == 0;
// If necessary, give access to sub-collections.
// (We can't do it for uid or it will become a path object that we can't use as a string.)
/{sub=**} {
allow write: if uid == request.auth.uid;
}
}
}
}
如果您希望看到完全刷新的规则正在做一些非常相似的事情,我有一个open source exemple。干杯!