我找到了一个可行的解决方案,我希望这对将来的某人有所帮助。
一切都经过全面测试、评论和工作。
service cloud.firestore {
//This is the "root" of the database. From here we can match into our collections.
match /databases/{database}/documents {
//matching the collection "users", the wildcard "userId" is used for the user we will be working with.
match /users/{userId}
{
//Everyone is allowed to write, if they are logged in.
allow write: if request.auth.uid != null;
//A user is allowed to read, update and delete his own account.
allow read, update, delete: if request.auth.uid == userId;
//A user is allowed to read a user, if the user matching "userId" exists in the logged in users own subcollection of users.
allow read: if exists(/databases/$(database)/documents/users/$(request.auth.uid)/users/$(userId));
//Matching the subcollection "users", still in the user matching userId.
match /{users=**}{
//A user is allowed to read, write, update, delete in the subcollection on his own account.
allow read, write, update, delete: if request.auth.uid == userId;
//A user is allowed to read, write, update, delete in the subcollection,
//if the user matching "userId" exists in the logged in users own subcollection of users.
allow read, write, update, delete: if exists(/databases/$(database)/documents/users/$(request.auth.uid)/users/$(userId));
}
}
//matching the collection "duties", the wildcard "dutyId" is used for the duty we will be working with.
match /duties/{dutyId}{
//Everyone is allowed to write, if they are logged in.
allow read, write: if request.auth.uid != null;
// A user is allowed to read, write and update if the string in the field "ownerId" in the duty matching "dutyId" == the users Uid.
allow read, update: if resource.data.ownerId == request.auth.uid;
//A user is allowed, if the user matching "ownerId" exists in the logged in users subcollection of users.
allow read, update, delete: if exists(/databases/$(database)/documents/users/$(request.auth.uid)/users/$(resource.data.ownerId));
}
}
}