我有一个用户集合,我在其中存储用户数据,例如姓名,电子邮件等,以及另一个用于阻止用户的集合。我想允许用户阅读自己的文档以及他/她没有阻止的用户文档。我已经实现了安全规则,但是用户不知何故甚至无法阅读自己的文档。有人可以帮忙吗?
用户收藏
users { // name of collection
a1 { // this is firebase id serving as document name
name: "abc",
email: abc@gmail.com
}
a2 { // this is firebase id serving as document name
name: "efg",
email: efg@gmail.com
}
a3 { // this is firebase id serving as document name
name: "hij",
email: hij@gmail.com
}
a4 { // this is firebase id serving as document name
name: "klm",
email: klm@gmail.com
}
}
Blocked Collection
blocked { // name of the collection
a1 { // name of the document
a2 : 1, // this means a1 has blocked a2
a4 : 1 // this means a1 has blocked a4
}
}
安全规则
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
allow read: if request.auth.uid != null
&& get(/databases/$(database)/documents/blocked/$(request.auth.uid)).userId != 1;
}
match /blocked/{fid} { // blocked collection/fid == owner firebase id
allow read: if request.auth.uid == fid;
}
}
}
代码
DocumentReference docref = Firestore.instance.collection("users").document(user.uid);
return docref.get();
在这种情况下,您需要以不同的方式处理userId变量。编写方式的规则是在用户的阻止文档的userId对象中查找[C0]属性,而不是Resource变量的值。您可能还想为userId调用提供一个合理的默认值。