firebase - Firestore 规则 : How to allow nested document read based on parent property

Question

我的 firstore 数据库包含如下结构的集合和文档:

• 用户 -> 事件 -> 事件 -> 流

我希望每个人都能够阅读事件集合中的文档及其子集合文档(事件+流)，如果事件集合文档具有属性，例如对字符串“public”的可见性

因此，如果 Events 集合上的文档对公众具有字段可见性，则任何用户都应该能够阅读该文档及其子集合。

到目前为止，我设法通过以下方式仅使事件集合中的文档可读:

   service cloud.firestore {
  match /databases/{database}/documents {
    // Make sure the uid of the requesting user matches name of the user
    // document. The wildcard expression {userId} makes the userId variable
    // available in rules.
    match /users/{userID} {
      allow read, update, delete: if request.auth.uid == userID;
      allow create: if request.auth.uid != null;
        match /events/{eventID} {
          allow read: if resource.data.visibility == 'public';
          allow read, write, create, update, delete: if request.auth.uid == userID;
          match /activities/{activitytID} {
            allow read, write, create, update, delete: if request.auth.uid == userID;
            match /streams/{streamID} {
              allow read, write, create, update, delete: if request.auth.uid == userID;
            }
          }
        }

    }
  }
}

当一个事件文档的可见性是公开的时，如何使事件和流的嵌套集合也可读？

Answer 1

我通过以下方式解决了这个问题:

添加获取事件数据的函数

 function eventData() {
            return get(/databases/$(database)/documents/users/$(userID)/events/$(eventID)).data
          }

完整规则:

service cloud.firestore {
  match /databases/{database}/documents {
    // Make sure the uid of the requesting user matches name of the user
    // document. The wildcard expression {userId} makes the userId variable
    // available in rules.
    match /users/{userID} {
      allow read, update, delete: if request.auth.uid == userID;
      allow create: if request.auth.uid != null;
        match /events/{eventID} {
          allow read: if resource.data.visibility == 'public';
          allow read, write, create, update, delete: if request.auth.uid == userID;
          function eventData() {
            return get(/databases/$(database)/documents/users/$(userID)/events/$(eventID)).data
          }
          match /activities/{activityID} {
            allow read: if eventData().visibility == 'public'
            allow read, write, create, update, delete: if request.auth.uid == userID;
            match /streams/{streamID} {
              allow read: if eventData().visibility == 'public'
              allow read, write, create, update, delete: if request.auth.uid == userID;
            }
          }
        }

    }
  }
}