Firestore數據庫用戶之間共享文檔的規則和結構

Question

我正試圖創建一個允許用戶在列表上進行協作的應用程序。每個用戶都需要被邀請才能在列表中工作。

我這樣構建了我的數據（鬆散地基於this blog post）。 也可以根據需要更改此結構。

list 
    list_1: 
    users: 
     owner: 
     owner@company.com: true 
     shared: 
     user@company.com: true 
     user2@company.com: true 
    id 
    name 
    items: 
     item_1: 
     id: 
     name: 
     ... 

我想實現的目標：每個人都應該能夠創建列表。他們的創建者然後成爲創建列表的所有者。 只有「共享」文檔中的所有者和用戶應該能夠讀取和寫入此列表。

我想權限設置應該看起來像這樣。但這是行不通的：

service cloud.firestore { 
    match /databases/{database}/documents { 
    match /lists/{listId}/{anything=**} { 
     allow read, write: if !exists(resource.data.users.owner) || 
           resource.data.users.owner == request.auth.token.email || 
           request.auth.token.email in resource.data.users.shared 
    } 
    } 
} 

Answer 1

我能弄明白。

我改變了數據結構這一點：

list 
    list_1 
    owner: owner@company.com 
    writeAccess: [user1@company.com, user2@company.com] 
    id 
    name 
    items: 
     item_1: 
     id: 
     name: 
     ... 

然後，像這樣的數據庫規則工作：

service cloud.firestore { 
    match /databases/{database}/documents { 
    match /lists/{listId} { 
     // Allow RW on lists for owner, shared user or for everyone if it's a new list 
     allow read, write: if resource.data.owner == request.auth.token.email || 
          request.auth.token.email in resource.data.writeAccess || 
          !exists(/databases/$(database)/documents/lists/$(listId)) 
    } 
    match /lists/{listId}/items/{itemId} { 
     // Allow RW on item for owner or shared user of parent list 
     allow read, write: if get(/databases/$(database)/documents/lists/$(listId)).data.owner == request.auth.token.email || 
           request.auth.token.email in get(/databases/$(database)/documents/lists/$(listId)).data.writeAccess || 
          !exists(/databases/$(database)/documents/lists/$(listId)) // Needed for new lists. Because lists and items are created in a batch 
    } 
    } 
}