Access parent documents field in Firestore rules

后端 未结 3 620
小鲜肉
小鲜肉 2021-02-05 05:42

I\'m implementing a recipe book in Firestore where every user is able to see all the recipes all users created but only the original author of the recipe is allowed to edit or d

相关标签:
3条回答
  • 2021-02-05 06:07

    Dan's answer above works great! Just for reference, in my case I only needed the root parent document ID, you can use the variable from the match statement above the nested one, like this:

    service cloud.firestore {
      match /databases/{database}/documents {
    
        function isSignedIn() {
          return request.auth != null;
        }
    
        match /ListOfRecipes/{recipeID} {
            allow read, create: if isSignedIn();
            allow update, delete: if resource.data.creatorUID == request.auth.uid;
    
            match /List/{list} {
                allow read: if isSignedIn();
                allow write: if  recipeID == 'XXXXX';
            }
        }
      }
    }
    
    0 讨论(0)
  • 2021-02-05 06:07

    Building upon Dan's answer, you should be able to reduce the number of reads on your database for update and delete on the subcollection by adding the creatorUID to the subcollection document.

    You'll have to restrict create to just the creator and make sure the creatorUID is set. Here's my modification of Dan's rules:

    service cloud.firestore {
      match /databases/{database}/documents {
    
        function isSignedIn() {
          return request.auth != null;
        }
    
        match /ListOfRecipes/{recipe} {
            allow read, create: if isSignedIn();
            allow update, delete: if resource.data.creatorUID == request.auth.uid;
    
            function recipeData() {
                return get(/databases/$(database)/documents/ListOfRecipes/$(recipe)).data
            }
    
            match /List/{list} {
                allow read: if isSignedIn();
                allow update, delete: if resource.data.creatorUID == request.auth.uid;
                allow create: if recipeData().creatorUID == request.auth.uid
                              && request.resource.data.creatorUID == request.auth.uid;
            }
        }
      }
    }
    
    0 讨论(0)
  • 2021-02-05 06:11

    Rules don't cascade, so you'll need to perform whatever checks you need for the document being captured by the Rules.

    Generally speaking, {x=**} rules are more often a mistake and the usage of =** only for extremely specific use cases.

    From your question, I'm assuming your data mode is something like this:

    /ListofRecipes/{recipe_document}/List/{list_document}
    

    In this case, you'll need your Rules to be configured something like this:

    service cloud.firestore {
      match /databases/{database}/documents {
    
        function isSignedIn() {
          return request.auth != null;
        }
    
        match /ListOfRecipes/{recipe} {
            allow read, create: if isSignedIn();
            allow update, delete: if resource.data.creatorUID == request.auth.uid;
    
            function recipeData() {
                return get(/databases/$(database)/documents/ListOfRecipes/$(recipe)).data
            }
    
            match /List/{list} {
                allow read: if isSignedIn();
                allow write: if recipeData().creatorUID == request.auth.uid;
            }
        }
      }
    }
    
    0 讨论(0)
提交回复
热议问题