无法为Firebase子集合和角色创建适当的规则。

huangapple
go评论68阅读模式
英文:

Unable to create proper rule for Firebase sub collections and roles

问题

我正在创建一个集成了Firebase的Ionic应用程序,其中我在应用程序中创建了一个帖子部分。用户可以像Facebook一样编写帖子,并且任何经过身份验证的用户都可以对帖子发表评论。以下是我存储数据的数据库设计:- 帖子/{帖子文档}/评论/{评论文档}
评论是帖子文档的子集合,其中包含特定帖子的所有评论。还有帖子文档和评论文档包含用户的Firebase uid。
我已经编写了规则,其中任何用户都可以对帖子发表评论并阅读其他人的评论,但我想要规则,其中用户可以更新自己的评论,而不是其他人,并且只有帖子所有者可以删除评论。
请检查下面的规则。请帮助我找出我遗漏了什么

match /posts/{postId} {
  allow read, write: if request.auth.uid != null;
  match /{comments}/{commentId} {
    allow read, create: if request.auth.uid != null;
    allow update: if resource.data.uid == request.auth.uid; // 用户只能更新自己的评论
    allow delete: if resource.data.uid == request.auth.uid // 只有帖子所有者可以删除评论
                && request.resource.data.uid == request.auth.uid;
  }
}

希望这些规则对你有所帮助。

英文:

I am creating an ionic app with firebase integration, in which I create a post section in the app. Users can write posts like facebook and any authenticated user can comment on the posts,
Following is my database design of how I am storing the data :- posts/{postsDocument}/comments/{commentsDocument}
Comments is sub-collection for postsDocument which holds all the comments for a particular post. Also postDocument and commentsDocument contains Firebase uid of the user.
I have written rule where any user can comment on post and read others comments but i want rules for where user can update his own comment and not others and also only post owner can delete a comment.
Check the rule below. Please help me with what I am missing

match /posts/{postId} {
  allow read, write: if request.auth.uid != null;
  match /{comments}/{commentId} {
    allow read, create: if request.auth.uid != null;
    allow update: if ;
    allow delete: if ;
  }
}

答案1

得分: 2

检查以下规则是否适用于您的情况

    match /posts/{postId} {
      allow read, write: if request.auth.uid != null;
      match /{comments}/{commentId} {
        allow read, create: if request.auth.uid != null;
        allow update: if resource.data.commentOwnderId == request.auth.uid;//commentOwnderId, firebase uid of the user who wrote the comment
        allow delete: if get(/databases/$(database)/documents/posts/$(postId)).data.postOwnerId == request.auth.uid;//postOwnerId, firebase uid of the user who wrote the post
      }
    }
英文:

Check the following rule for your case

    match /posts/{postId} {
      allow read, write: if request.auth.uid != null;
      match /{comments}/{commentId} {
        allow read, create: if request.auth.uid != null;
        allow update: if resource.data.commentOwnderId == request.auth.uid;//commentOwnderId, firebase uid of the user who wrote the comment
        allow delete: if get(/databases/$(database)/documents/posts/$(postId)).data.postOwnerId == request.auth.uid;//postOwnerId, firebase uid of the user who wrote the post
      }
    }

huangapple
  • 本文由 发表于 2020年1月6日 18:10:38
  • 转载请务必保留本文链接:https://go.coder-hub.com/59610168.html
  • firebase
  • firebase-security
  • google-cloud-firestore
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定