WeChat Mini Program - Security Rules for Cloud Development

Security rules are a permission control mechanism that lets you flexibly customize read and write permissions for databases and cloud storage. By configuring security rules, developers can finely control create, delete, update, and query permissions for all records in cloud storage and collections from the Mini Program and web clients. Front-end database and cloud storage requests that do not comply with the security rules are rejected automatically, which keeps data and files secure.

Normal cloud databases only have these four permissions:

But in practical applications we need finer-grained permissions, such as allowing create and update but not delete, or allowing read and delete but not update, and so on. This requires customizing the security rules:

Let's first look at how the simple permission settings "All users can read, only the creator can write", "Only the creator can read and write", "All users can read", and "No user can read or write" are written as security rules. In the JSON configuration file, the key indicates the operation type and the value is an expression, that is, a condition. When it evaluates to true, the corresponding operation complies with the security rules.

// Everyone can read, only the creator can read and write
{
  "read": true,
  "write": "doc._openid == auth.openid"
}
// Only the creator can read and write
{
  "read": "doc._openid == auth.openid",
  "write": "doc._openid == auth.openid"
}
// Everyone can read
{
  "read": true,
  "write": false
}
// No user can read or write
{
  "read": false,
  "write": false
}

The simple permission configuration covers only read and write. With security rules, in addition to read and write, the write operation is further subdivided into create, update, and delete. That is, you can use write alone, or split it into create, update, and delete. For example, the following case is "everyone can read; the creator can write and update, but cannot delete":

{
  "read": true,
  "create": "auth.openid == doc._openid",
  "update": "auth.openid == doc._openid",
  "delete": false
}

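A simplified model of how the last rule set decides each operation for the record's creator and for another user. It is an added example, not WeChat's rule engine and not code from the original post. The names `isAllowed`, `evalRule` and `decisions`, the support for only boolean rules and `a.b == c.d` comparisons, the deny-by-default for a missing key, and the sample record are all assumptions.

```javascript
// Simplified model of security-rule evaluation (assumption: not WeChat's engine).
// Supports only boolean rules and "x.y == z.w" string expressions.
const WRITE_OPS = ['create', 'update', 'delete'];

// Resolve a dotted path such as "doc._openid" against { doc, auth }.
function resolve(path, ctx) {
  return path.trim().split('.').reduce((o, k) => (o == null ? undefined : o[k]), ctx);
}

function evalRule(rule, ctx) {
  if (typeof rule === 'boolean') return rule;
  const parts = String(rule).split('==');
  if (parts.length !== 2) return false; // unsupported expression: deny
  const left = resolve(parts[0], ctx);
  const right = resolve(parts[1], ctx);
  // A caller without an openid must never match a record without _openid.
  return left !== undefined && left === right;
}

// op is read/create/update/delete. A specific key wins; otherwise the three
// write operations fall back to "write". A missing rule denies (assumption).
function isAllowed(rules, op, ctx) {
  let rule = rules[op];
  if (rule === undefined && WRITE_OPS.includes(op)) rule = rules.write;
  return rule === undefined ? false : evalRule(rule, ctx);
}

// Rule set from the page: everyone reads, creator creates/updates, nobody deletes.
const rules = {
  read: true,
  create: 'auth.openid == doc._openid',
  update: 'auth.openid == doc._openid',
  delete: false,
};

// Constructed sample record and callers.
const doc = { _id: 'r1', _openid: 'user-A', text: 'hello' };
const owner = { doc, auth: { openid: 'user-A' } };
const other = { doc, auth: { openid: 'user-B' } };

// Summarize the decision for every operation as one string.
function decisions(ctx) {
  return ['read', ...WRITE_OPS].map((op) => `${op}:${isAllowed(rules, op, ctx)}`).join(' ');
}

console.log('owner ->', decisions(owner));
console.log('other ->', decisions(other));
```
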
Origin blog.csdn.net/yinzisang/article/details/122575350