【Question title】: Firebase security rules for sub collections
【Posted】: 2025-11-22 21:30:01
【Question】:

I have the following structure:

+ properties: (collection)
    - address
      status
      type
      ownerId
      renterId
    + offers (collection)
        - id
          amount
          date
        - id
          amount
          date
    + features (collection)
        - id
          name
        - id
          name

I want to allow read access to `properties` for the owner (via `ownerId`), the renter (via `renterId`), and admins.

This doesn't seem to work:

    match /properties/{property} {
      allow read, write: if get(/databases/$(database)/documents/properties/$(property)).data.renter == request.auth.uid
                         || isOwnerSeller(get(/databases/$(database)/documents/properties/$(property)))
                         || isAAdmin();
    }

What am I missing? Can I also target just the offers?
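The following Firestore rule set is an added example written for this question, not code from the question or the answer. It uses the field names from the structure above (`ownerId`, `renterId`), assumes admins carry a custom auth claim `admin: true`, and the write rules on the subcollections are illustrative assumptions only; the point it shows is that rules on `/properties/{propertyId}` are not inherited by `offers` and `features`, which need their own nested `match` and a `get()` of the parent document:

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: admins carry a custom auth claim "admin: true".
    function isAdmin() {
      return request.auth != null && request.auth.token.admin == true;
    }

    // Takes the property document's data so it can be reused for the
    // property itself and for documents in its subcollections.
    function canReadProperty(prop) {
      return request.auth != null
        && (prop.ownerId == request.auth.uid
            || prop.renterId == request.auth.uid
            || isAdmin());
    }

    match /properties/{propertyId} {
      // resource.data already holds this document; no get() is needed here.
      allow read: if canReadProperty(resource.data);
      // On create the document does not exist yet, so check the incoming data.
      allow create: if request.auth != null
        && (request.resource.data.ownerId == request.auth.uid || isAdmin());
      allow update, delete: if request.auth != null
        && (resource.data.ownerId == request.auth.uid || isAdmin());

      // Rules are not inherited by subcollections: without a nested match,
      // /properties/{id}/offers/* is denied entirely. Inside it, resource is
      // the offer document, so the parent property is fetched with get()
      // (each get() counts against the per-request document access limit).
      match /offers/{offerId} {
        allow read: if canReadProperty(
          get(/databases/$(database)/documents/properties/$(propertyId)).data);
        allow write: if isAdmin();   // assumption: only admins manage offers
      }

      match /features/{featureId} {
        allow read: if canReadProperty(
          get(/databases/$(database)/documents/properties/$(propertyId)).data);
        allow write: if isAdmin();   // assumption: only admins manage features
      }
    }
  }
}
```

Because the subcollection rules are separate `match` blocks, a query against `offers` alone is evaluated only by the `offers` rule, so it can be targeted independently of the parent property rule.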

【Comments】:

  • Please edit the question to show the query that doesn't work with the rules the way you expect. Without a relevant query that is allowed or denied, the rules don't mean much. Also show the full set of rules. What you're showing now doesn't include several functions that could have an impact. Since we can't see the query and the complete rules, we can't say whether your rules do what you expect.

Tags: firebase google-cloud-platform google-cloud-firestore firebase-security


【Answer 1】:
service firebase.storage {
  // Allow the requestor to read or delete any resource on a path under the
  // user directory.
  match /users/{userId}/{anyUserFile=**} {
    allow read, delete: if request.auth.uid == userId;
  }

  // Allow the requestor to create or update their own images.
  // When 'request.method' == 'delete' this rule and the one matching
  // any path under the user directory would both match and the `delete`
  // would be permitted.

  match /users/{userId}/images/{imageId} {
    // Whether to permit the request depends on the logical OR of all
    // matched rules. This means that even if this rule did not explicitly
    // allow the 'delete' the earlier rule would have.
    allow write: if request.auth.uid == userId && imageId.matches('*.png');
  }
}

According to the documentation, you can also set up rules this way. Following this example, you should be able to apply the rules you want.

【Discussion】: