Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
943 views
in Technique[技术] by (71.8m points)

firebase - Firestore security rules based on request query value

I'm trying to secure requests to a collection to allow any single get, but only to allow list if a specific key is matched.

Database structure is like this:

projects
  project1
    name: "Project 1 name"
    board_id: "board1"
  project2
    name: "Project 2 name"
    board_id: "board2"

boards
  board1
  board2

The Firestore query I'm making from Vue:

// Only return projects matching the requested board_id

db
  .collection("projects")
  .where("board_id", "==", this.board_id)

The security rules I'd like to have would be something like this:

match /projects/{project} {
  allow get: if true // this works
  allow list: if resource.data.board_id == [** the board_id in the query **]

  // OR

  allow list: if [** the board_id in the query **] != null

I want to do this so you can list the projects in a specific board, but can't just list everything.

Is there a way to access the requested .where() in the security rules or do I need to nest my projects collection inside my boards collection and secure it that way?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...