Firebase 存储，基于用户的正确规则是什么 uploading/deleting？

Question

我想为 Firebase/Storage 创建基于用户的安全性。如果我只上传图片，下面的 allow write 效果很好。但它可以防止删除照片。如何为这种情况创建适当的安全规则？

service firebase.storage {
  match /b/<bucket>/o {
    match /{allPaths=**} {
      allow read: if request.auth != null;
    }
    match /users/{uid}/{filename} {
      allow write: if isCurrentUser(uid);
      allow write: if isImage() &&
                      isCurrentUser(uid) &&
                      lessThanNMegabytes(n) &&
                      request.resource !=null &&
                      filename.size() < 50;
    }
  }
}

function isCurrentUser(uid) {
    return request.auth.uid == uid;
}

function lessThanNMegabytes(n) {
    return request.resource.size < n * 1024 * 1024;
}

function isImage() {
    return request.resource.contentType.matches("image/.*");
}

Answer 1

我会用它来检查你是否creating/updating一个文件或删除它

match /users/{uid}/{filename} {
    allow write: if isCurrentUser(uid);
    allow write: if resource == null ||
         ( isImage() &&
         lessThanNMegabytes(n) &&
         request.resource !=null &&
         filename.size() < 50 );
}

Firebase 存储，基于用户的正确规则是什么 uploading/deleting？

Firebase Storage, What's the proper rules for user based uploading/deleting?

firebase

firebase-security

firebase-storage