service cloud.firestore {\n match \/databases\/{database}\/documents {\n match \/{document=**} {\n allow read, write: if request.auth != null;\n }\n }\n}\n<\/code><\/pre>\n\u3053\u308c\u306f\u300c\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u306f\u30d5\u30eb\u30a2\u30af\u30bb\u30b9\u300d\u3068\u3044\u3046\u6700\u4f4e\u9650\u8a2d\u5b9a\u3057\u3066\u304a\u304f\u3079\u304d\u30eb\u30fc\u30eb\u3067\u3059\u3002\u958b\u767a\u4e2d\u306f\u304a\u4e16\u8a71\u306b\u306a\u308a\u307e\u3057\u305f\u3002
\n\u3057\u304b\u3057\u6700\u7d42\u7684\u306b\u306f\u3082\u3063\u3068\u3053\u307e\u304b\u304f\u5236\u9650\u3092\u304b\u3051\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u304b\u3089\u3001\u305d\u308c\u3092\u524d\u63d0\u306b\u30c7\u30fc\u30bf\u69cb\u9020\u3092\u8a2d\u8a08\u3057\u3066\u304a\u3044\u305f\u307b\u3046\u304c\u826f\u3044\u3067\u3059\u3002<\/p>\n
\u4f8b\u3068\u3057\u3066\u4eca\u56de\u4f5c\u3063\u305f\u30b7\u30b9\u30c6\u30e0\u306e\u30c7\u30fc\u30bf\u69cb\u9020\u3068\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30eb\u30fc\u30eb\u306e\u4e00\u90e8\u306b\u3064\u3044\u3066\u89e3\u8aac\u3057\u307e\u3059\u3002<\/p>\n
<\/p>\n
\u4eca\u56de\u306e\u30b7\u30b9\u30c6\u30e0\u3067\u306f\u6a29\u9650\u306b\u3088\u308b\u5236\u9650\u304c\u5fc5\u8981\u3060\u3063\u305f\u306e\u3067Firestore\u306bemail\u3092\u30ad\u30fc\u3068\u3059\u308b\u30b3\u30ec\u30af\u30b7\u30e7\u30f3\u3001users\u3092\u4f5c\u6210\u3057\u6a29\u9650\u60c5\u5831role\u3092\u3082\u305f\u305b\u307e\u3057\u305f\u3002\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30eb\u30fc\u30eb\u4e2d\u3067Authentication\u306e\u30ed\u30b0\u30a4\u30f3\u60c5\u5831\u304b\u3089email\u3092\u53d6\u5f97\u3067\u304d\u307e\u3059\u306e\u3067\u7d10\u3065\u3051\u304c\u53ef\u80fd\u3067\u3059\u3002<\/p>\n
users\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u4f8b(\u6a29\u9650\u306b\u95a2\u3059\u308brole\u306e\u307f)<\/p>\n
murave@hoge.var: {\n role: \"admin\"\n}\n<\/code><\/pre>\n\u3053\u308c\u3092\u5229\u7528\u3057\u3066\u30a2\u30af\u30bb\u30b9\u5236\u9650\u3092\u884c\u3044\u307e\u3059\u3002\u4e00\u90e8\u30eb\u30fc\u30eb\u3092\u4f8b\u793a\u3057\u307e\u3059\u3002<\/p>\n
firestore.rules<\/p>\n
service cloud.firestore {\n match \/databases\/{database}\/documents {\n function getUser() {\n return get(\/databases\/$(database)\/documents\/users\/$(request.auth.token.email));\n }\n\n match \/users\/{email} {\n allow get: if request.auth != null;\n allow read, write: if getUser().data.role == 'admin';\n }\n\n match \/journals\/{journal} {\n allow read: if getUser().data.role in ['viewer', 'admin'];\n allow create: if request.auth != null;\n }\n\n match \/summaries\/{summary} {\n allow read: if request.auth != null;\n allow write: if getUser().data.role == 'admin';\n }\n }\n}\n<\/code><\/pre>\n\u3053\u306e\u8a2d\u5b9a\u306f\u4ee5\u4e0b\u306e\u5236\u9650\u30fb\u610f\u56f3\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n
\n- users\u306f\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u308c\u3070\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306e(\u500b\u5225)\u53d6\u5f97\u306f\u53ef\u80fd\u3002\u4e00\u89a7\u53d6\u5f97\u3001\u66f8\u304d\u8fbc\u307f\u306f\u7ba1\u7406\u8005(admin)\u306e\u307f\u53ef\u80fd\u3002\n
\n- \u30ed\u30b0\u30a4\u30f3\u3057\u305f\u30e6\u30fc\u30b6\u30fc\u304c\u81ea\u8eab\u306e\u6a29\u9650\u60c5\u5831\u3092\u53d6\u5f97\u3067\u304d\u308b\u5fc5\u8981\u304c\u3042\u308b\u3002<\/li>\n
- \u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u306f\u7ba1\u7406\u8005\u304c\u7ba1\u7406\u3059\u308b\u3002<\/li>\n<\/ul>\n<\/li>\n
- jornals\u3078\u306e\u65b0\u898f\u767b\u9332\u306f\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u308c\u3070\u53ef\u80fd\u3002\u8aad\u307f\u51fa\u3057\u306f\u95b2\u89a7\u8005(viewer)\u3068\u7ba1\u7406\u8005(admin)\u304c\u53ef\u80fd\u3002\n
\n- \u3053\u308c\u306f\u96c6\u8a08\u524d\u306e\u751f\u30c7\u30fc\u30bf\u306a\u306e\u3067\u3001\u30ed\u30b0\u30a4\u30f3\u3057\u305f\u30e6\u30fc\u30b6\u30fc\u3059\u3079\u3066\u304c\u5165\u529b\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3002<\/li>\n
- \u95b2\u89a7\u8005\u3068\u7ba1\u7406\u8005\u306f\u767b\u9332\u3055\u308c\u305f\u751f\u30c7\u30fc\u30bf\u306e\u5206\u6790\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u308b\u3002<\/li>\n<\/ul>\n<\/li>\n
- summaries\u306f\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u308c\u3070\u8aad\u307f\u51fa\u3057\u306f\u53ef\u80fd\u3002\u66f8\u304d\u8fbc\u307f\u306f\u7ba1\u7406\u8005(admin)\u306e\u307f\u304c\u53ef\u80fd\u3002\n
\n- jornals\u3092\u96c6\u8a08\u3057\u305f\u30c7\u30fc\u30bf\u3067\u30e6\u30fc\u30b6\u30fc\u306f\u57fa\u672c\u7684\u306b\u306f\u3053\u306e\u96c6\u8a08\u3055\u308c\u305f\u30c7\u30fc\u30bf\u3092\u898b\u308b\u3002<\/li>\n
- \u96c6\u8a08\u51e6\u7406\u306fjornals\u3078\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u65b0\u898f\u767b\u9332\u3092\u30c8\u30ea\u30ac\u30fc\u3068\u3057\u3066\u5b9f\u884c\u3055\u308c\u308bFirebase\u5074\u306eFunction\u3067\u884c\u308f\u308c\u308b\u3002<\/li>\n
- \u7ba1\u7406\u8005\u306f\u96c6\u8a08\u3092\u4fee\u6b63\u3067\u304d\u308b\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
\u96c6\u8a08\u51e6\u7406\u306fFirebase\u306eFunctions\u3092\u5229\u7528\u3057\u30b5\u30fc\u30d0\u30fc\u5074\u306b\u59d4\u8b72\u3057\u3066\u304a\u308a\u3001\u4e00\u822c\u30fb\u95b2\u89a7\u30e6\u30fc\u30b6\u30fc\u306e\u6a29\u9650\u3092\u7d5e\u308b\u3053\u3068\u304c\u53ef\u80fd\u3068\u306a\u3063\u3066\u3044\u308b\u306e\u3082\u30df\u30bd\u3067\u3059\u3002<\/p>\n
getUser()\u306fAuthentication\u306e\u30ed\u30b0\u30a4\u30f3\u60c5\u5831\u306eemail(request.auth.token.email)\u304b\u3089users\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u53d6\u5f97\u3059\u308b\u95a2\u6570\u3067\u3059\u3002\u5185\u90e8\u3067\u4f7f\u7528\u3057\u3066\u3044\u308bget()\u7b49\u3001\u7d44\u307f\u8fbc\u307f\u306e\u95a2\u6570\u306b\u306f\u4f7f\u7528\u56de\u6570\u5236\u9650\u304c\u3042\u308b\u3053\u3068\u306b\u6ce8\u610f\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u540c\u3058\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306e\u53d6\u5f97\u3067\u306f\u4f7f\u7528\u56de\u6570\u306f\u5897\u3048\u306a\u3044\u306a\u3069\u72ec\u7279\u306e\u30eb\u30fc\u30eb\u304c\u3042\u308b\u306e\u3067\u610f\u8b58\u3057\u3066\u3001\u5236\u9650\u3092\u8d85\u3048\u306a\u3044\u3088\u3046\u306a\u69cb\u9020\u306b\u3057\u306a\u3051\u308c\u3070\u306a\u308a\u307e\u305b\u3093\u3002<\/p>\n
\u9069\u5207\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30eb\u30fc\u30eb\u3067\u5b89\u5168\u306aFirestore\u30e9\u30a4\u30d5\u3092\uff01<\/p>\n![\"Facebook\"](\"https:\/\/www.lancard.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/facebook.png\" "\\"Share")
<\/a>![\"twitter\"](\"https:\/\/www.lancard.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/twitter.png\" "\\"Share")
<\/a>![\"linkedin\"](\"https:\/\/www.lancard.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/linkedin.png\" "\\"Share")
<\/a>![\"tumblr\"](\"https:\/\/www.lancard.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/tumblr.png\" "\\"Share")
<\/a>![\"mail\"](\"https:\/\/www.lancard.com\/blog\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/mail.png\" "\\"Share")
<\/a>","protected":false},"excerpt":{"rendered":"\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u3092Firebase\u3067SPA\u306e\u30b7\u30b9\u30c6\u30e0\u3092\u4f5c\u308b\u5834\u5408\u3001\u30c7\u30fc\u30bf\u3092\u5b88\u308b\u7826\u306f\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9(\u4eca\u56de\u306fFirestore)\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30eb\u30fc\u30eb\u3067\u3059\u3002 Authentication\u306e\u30ed\u30b0\u30a4\u30f3\u60c5\u5831\u3068Firestore\u4e0a\u306e\u30e6\u30fc\u30b6\u30fc\u60c5 […]<\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[155,6],"tags":[190,191],"class_list":["post-5570","post","type-post","status-publish","format-standard","hentry","category-javascript","category-server","tag-firebase","tag-firestore"],"_links":{"self":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts\/5570","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/comments?post=5570"}],"version-history":[{"count":16,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts\/5570\/revisions"}],"predecessor-version":[{"id":5593,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/posts\/5570\/revisions\/5593"}],"wp:attachment":[{"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/media?parent=5570"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/categories?post=5570"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lancard.com\/blog\/wp-json\/wp\/v2\/tags?post=5570"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}