英文:
How to prevent Firestore to create root collection automatically during addDocument?
问题
在Firestore中,我有一个名为 "form1" 的集合。
在我的客户端应用程序中,当我在一个不存在的集合中创建文档时,比如 "form2":
db.collection("form2").addDocument(data: data)...
我从Firestore控制台中看到,"form2" 会自动创建以容纳新文档。我希望在这种情况下 addDocument() 返回错误。
如何使用安全规则来实现这一点?或者使用其他方法?
以下是我的当前安全规则:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} { // 只有已登录用户可以访问
allow read, write: if request.auth.uid != null;
}
}
}
为什么以下代码无法工作?(即使根集合存在,权限仍不足)
match /databases/{database}/documents {
match /{collection} {
allow read, write: if false;
}
match /{collection}/{document} {
allow read, write: if exists(/databases/$(database)/documents/$(collection));
}
}
}
英文:
In Firestore, I have a collection "form1"
In my client app, when I create a document in a collection that doesn't exist, say "form2"
db.collection("form2").addDocument(data: data)...
I see from Firestore console, "form2" was created automatically to hold the new document. I hope addDocument() would return error in this case.
How to do it with Security rules? or with other method?
Here is my current Secuirty rules:
rules_version = '12';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} { // only logged-in user can access
allow read, write: if request.auth.uid != null;
}
}
}
Why can't following work? (insufficient permission even if the root collection exist)
service cloud.firestore {
match /databases/{database}/documents {
match /{collection} {
allow read, write: if false;
}
match /{collection}/{document} {
allow read, write: if exists(/databases/$(database)/documents/$(collection));
}
}
}
答案1
得分: 1
你可以默认禁止所有文档的写入,然后编写规则来允许你决定的文档:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false; // 这将禁止所有文档的写入和读取
}
match /admin_/** {
allow read, write: if request.auth.token.admin == true;
}
}
}
这将不允许对任何集合或文档进行写入,除非是管理员。
英文:
You can disallow writing to all documents as default and then write rules to allow the only ones you decide:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;// This disallow write and read for all documents
}
match /admin_/** {
allow read, write: if request.auth.token.admin == true;
}
}
}
This will not allow writes to any collection or document except to admin
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论