{ "read": "auth.openid == get(`database.openid2groupid.${doc.groupId}`).another_openid", "write": "doc._openid == auth.openid" } { "read": "get(`database.openid2groupid.${doc.groupId}`).another_openid == auth.openid", "write": "doc._openid == auth.openid" } 今天尝试了数据库安全规则，想设置权限，结果整了好久权限没给出来，机缘巧合发现，auth.openid所在的位置不同，居然影响条件表达式的结果，auth.openid在前面，他总是拒绝我，auth.openid才如期运行，哭了 代码是下面的，查询传入一个groupId，到数据库openid2groupid查记录，如果记录_id == groupId,查记录的another_openid里有没有和auth.openid相同的，有就授权 mergeCommonCriteria(criteria) { return { groupId: this.data.groupId, ...criteria, } }, async initRoom() { this.try(async () => { await this.initOpenID() const { envId, collection } = this.properties const db = this.db = wx.cloud.database({ env: envId, }) const _ = db.command const { data: initList } = await db.collection(collection).where(this.mergeCommonCriteria()).orderBy('sendTimeTS', 'desc').get()