How to prevent Firestore from creating a root collection automatically during addDocument?

Question


In Firestore, I have a collection "form1".

In my client app, when I create a document in a collection that doesn't exist, say "form2":

db.collection("form2").addDocument(data: data)...

I see from the Firestore console that "form2" was created automatically to hold the new document. I hope addDocument() would return an error in this case.

How can I do it with Security rules, or with another method?

Here are my current Security rules:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {  // only logged-in user can access
      allow read, write: if request.auth.uid != null;
    }
  }
}

Why doesn't the following work? (insufficient permission even if the root collection exists)

service cloud.firestore {
  match /databases/{database}/documents {
    match /{collection} {
      allow read, write: if false;
    }
    match /{collection}/{document} {
      allow read, write: if exists(/databases/$(database)/documents/$(collection));
    }
  }
}

Answer 1

Score: 1


You can disallow writing to all documents by default and then write rules to allow only the ones you decide:

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if false; // This disallows write and read for all documents
    }
    // Recursive wildcards must be written as {name=**}; a bare /** is not valid rules syntax
    match /admin_/{document=**} {
      allow read, write: if request.auth.token.admin == true;
    }
  }
}

This will not allow writes to any collection or document except to admin.
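
An allowlist variant of the default-deny approach above, as an added example that is not part of the original question or answer. It assumes "form1" is the only root collection clients may use; the function name `isAllowedCollection` is hypothetical.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: 'form1' is the only root collection clients may touch.
    // Add further names to this list to open up more collections.
    function isAllowedCollection(name) {
      return name in ['form1'];
    }

    // Why the exists() attempt in the question is always denied:
    // exists() expects a document path, and /form1 is a collection path.
    // A collection has no document of its own to look up, so the check
    // cannot succeed, even when the collection already holds documents.
    // Comparing the wildcard value against a fixed list avoids the lookup.

    // Single-segment wildcards: matches documents directly inside a root
    // collection. A write to form2/{id} matches this block but fails the
    // allowlist test, so the client call is rejected with a permission
    // error and no "form2" collection appears.
    match /{collection}/{document} {
      allow read, write: if request.auth != null
                         && isAllowedCollection(collection);
    }

    // Every other path (subcollections, deeper documents) has no matching
    // allow statement and is therefore denied.
  }
}
```

Security rules only govern requests from the client SDKs; the Firebase console and the Admin SDK bypass them and can still create any collection.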

huangapple
  • Posted on February 6, 2023, 20:15:27
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75361197.html