Firestore security rules - do rules cascade downward?



I am using the first version of Firestore security rules:

rules_version = '1';

At the same time, I have the following rules:

service cloud.firestore {
  match /databases/{database}/documents {
    match /chats/{chatId} {
      allow read: if <condition1>;
      allow write: if false;
      match /messages/{document=**} {
        allow read: if <condition2>;
        // allow write: if false;
      }
    }
  }
}

As you can see, I have commented out the write rule. Does the write rule of the chat document carry over to the match for the message documents? Do I need to explicitly write a condition for writes in the nested match? If not, and no write rule is explicitly declared... does it default to false?


Update: I read here

Security rules apply only to matching paths

So we have to explicitly define rules for nested content... but in the case of write: if false, if it is not declared, does it default to false?

If you comment out some rules, they will not take effect. For example, rules work similarly to CSS: the last rule matters most. Below is a small example of how to secure a database:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // {document=**} matches every document in the whole database,
    // including nested ones, so use it wisely.
    match /{document=**} {
      allow read, write: if false;
    }
    // The catch-all above spells out the default: anything not allowed
    // elsewhere is denied. Users can still work in the bookings
    // collection, because a request is granted as soon as any matching
    // allow evaluates true. They can create documents there but not
    // nested collections, since no match block allows writes below
    // /bookings/{docId}.
    match /bookings/{docId} {
      allow read: if resource.data.uid == request.auth.uid || isAdmin();
      allow update: if resource.data.uid == request.auth.uid || isAdmin();
      allow create: if request.auth != null;
    }
    match /app/{document} {
      allow read: if true;
      allow write: if false;
    }
  }
}
// Top-level helper; request.auth.token.admin is a custom claim.
// If request.auth is null the expression errors, which counts as false.
function isAdmin() {
  return request.auth.token.admin == true;
}
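As an added illustration (not code from the question or the answer), here is a small Python model of how the rules engine decides a request, built on the documented semantics: a request is allowed if at least one allow statement in a match block covering the path evaluates true, everything else is denied, and a nested match block only adds path segments, so the allow lines of the outer block never apply to documents the inner block matches. It runs both rule sets from this page through the model. The function names (match_pattern, is_allowed, demo) and the sample users and paths are my own assumptions for the example.

```python
"""Toy model of Firestore security-rules evaluation (illustration only).

Modelled behaviour: default deny; any true `allow` on a matching block
grants; `{name}` matches one segment; `{name=**}` matches the rest of
the path (one or more segments in rules_version 1, zero or more in 2);
`read` covers get/list and `write` covers create/update/delete; a
condition that throws evaluates as false. Not the Firestore engine.
"""
from typing import Callable, Dict, List, Optional, Tuple

Binds = Dict[str, str]
Pred = Callable[[dict, Binds], bool]   # (request, wildcard bindings) -> bool
Rule = Tuple[str, Dict[str, Pred]]     # (flattened match pattern, allows)

_GROUP = {"get": "read", "list": "read",
          "create": "write", "update": "write", "delete": "write"}


def match_pattern(pattern: str, path: str, version: int) -> Optional[Binds]:
    """Return wildcard bindings if `pattern` covers `path`, else None."""
    pat = [s for s in pattern.split("/") if s]
    segs = [s for s in path.split("/") if s]
    binds: Binds = {}
    while pat:
        head, pat = pat[0], pat[1:]
        if head.startswith("{") and head.endswith("=**}"):
            if pat:
                raise ValueError("recursive wildcard must be the last segment")
            if len(segs) < (1 if version == 1 else 0):
                return None
            binds[head[1:-4]] = "/".join(segs)
            return binds
        if not segs:
            return None
        if head.startswith("{") and head.endswith("}"):
            binds[head[1:-1]] = segs[0]
        elif head != segs[0]:
            return None
        segs = segs[1:]
    return binds if not segs else None


def is_allowed(rules: List[Rule], method: str, path: str,
               request: dict, version: int = 2) -> bool:
    """True iff some matching block has an allow for `method` that holds."""
    for pattern, allows in rules:
        binds = match_pattern(pattern, path, version)
        if binds is None:
            continue                      # block does not cover this path
        for key in (method, _GROUP.get(method)):
            pred = allows.get(key)
            if pred is None:
                continue                  # block says nothing about this method
            try:
                if pred(request, binds):
                    return True           # one true allow is enough
            except (KeyError, TypeError, AttributeError):
                pass                      # erroring condition counts as false
    return False                          # default deny


def question_rules(cond1: Pred, cond2: Pred) -> List[Rule]:
    """The question's rules_version 1 file, with nested matches flattened."""
    return [
        ("/chats/{chatId}", {"read": cond1, "write": lambda r, b: False}),
        # The inner block covers /chats/{chatId}/messages/... only; the
        # outer `allow write: if false` does not reach it (nor would true).
        ("/chats/{chatId}/messages/{document=**}", {"read": cond2}),
    ]


def signed_in(r: dict, b: Binds) -> bool:
    return r["auth"] is not None


def is_admin(r: dict, b: Binds) -> bool:
    return r["auth"]["token"].get("admin") is True   # throws when auth is None


def owner_or_admin(r: dict, b: Binds) -> bool:
    return r["resource"]["uid"] == r["auth"]["uid"] or is_admin(r, b)


def answer_rules(with_catch_all: bool = True) -> List[Rule]:
    """The answer's rules_version 2 file, optionally without the catch-all."""
    rules: List[Rule] = []
    if with_catch_all:
        rules.append(("/{document=**}", {"read": lambda r, b: False,
                                         "write": lambda r, b: False}))
    rules += [
        ("/bookings/{docId}", {"read": owner_or_admin,
                               "update": owner_or_admin,
                               "create": signed_in}),
        ("/app/{document}", {"read": lambda r, b: True,
                             "write": lambda r, b: False}),
    ]
    return rules


def demo() -> Dict[str, bool]:
    """Constructed requests run against both rule sets from the page."""
    alice = {"auth": {"uid": "alice", "token": {}}, "resource": None}
    anon = {"auth": None, "resource": None}
    true: Pred = lambda r, b: True
    q = question_rules(cond1=true, cond2=true)
    a, a_bare = answer_rules(), answer_rules(with_catch_all=False)
    return {
        "q_chat_write": is_allowed(q, "update", "/chats/c1", alice, 1),
        "q_message_write": is_allowed(q, "create", "/chats/c1/messages/m1", alice, 1),
        "q_message_read": is_allowed(q, "get", "/chats/c1/messages/m1", alice, 1),
        "a_booking_create": is_allowed(a, "create", "/bookings/b1", alice),
        "a_booking_create_anon": is_allowed(a, "create", "/bookings/b1", anon),
        "a_nested_create": is_allowed(a, "create", "/bookings/b1/notes/n1", alice),
        "a_nested_create_no_catch_all": is_allowed(a_bare, "create", "/bookings/b1/notes/n1", alice),
        "a_app_read_anon": is_allowed(a, "get", "/app/config", anon),
    }
```

Two results answer the question directly: a write to /chats/c1/messages/m1 is denied whether or not the outer block says `write: if false`, because no block covering that path allows it, and in the answer's file a create on /bookings/b1 succeeds despite the catch-all `false`, because a false allow does not veto a true one; the catch-all only makes the default explicit.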
