Firestore中的子集合在基本文档上可见吗?
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Firestore中的子集合在基本文档上可见吗?相关的知识,希望对你有一定的参考价值。
我想知道将敏感的用户数据存储在文档集合中(请参阅下面的结构),并使用Firestore.rules(请参见下面的规则)来限制特定用户访问文档内部的集合是否安全?如果我在用户文档上运行get指令,是否可以访问私有集合?还是仅当我在address文档上调用get指令时才可以访问它?
很抱歉,如果这是在网络上的某个地方,但是我找不到确切的答案,这对于我的应用程序的完整性有些重要。在重组后端之前,我想获得一个好主意。
Firestore结构:
(collection) users: {
(document) ID1234567890: {
(collection) private: {
(document) address: {
line1: "",
line2: "",
city: "",
state: "",
zip: "",
country: "",
},
(document) billing: {
ssnLast4: "",
externalAccount: {},
},
(document) signatures: {
...
}
}
id: "",
userName: "",
firstName: "",
lastName: "",
avatarUrl: "",
...
phone: "",
email: "",
}
}
Firestore.rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
function isSignedIn() {
return request.auth != null;
}
// Users collection //
// TODO: does this match give access to all sub collections?
match /users/{userId} {
function isTrueUser() {
return resource.data.id == request.auth.uid;
}
// Anyone can create a user
allow create: if true;
// Only signed in users can read or list user profile data
allow read, list: if isSignedIn();
// Only that user can update their profile data
allow update: if isSignedIn() && isTrueUser();
// No one can delete a user
allow delete: if false;
}
match /users/{userId}/private/{documentName} {
function isTrueUser() {
return userId == request.auth.uid;
}
// Only that signed in user can create, update, read, or list their private documents
allow create, update, read, list: if isSignedIn() && isUserOwner();
// No one can delete a private document
allow delete: if false;
}
}
}
答案
Firestore中的读取操作很浅。因此,对父文档的读取不会自动从子集合中读取数据。您将需要对每个子集合进行单独的读取操作。
以上是关于Firestore中的子集合在基本文档上可见吗?的主要内容,如果未能解决你的问题,请参考以下文章