在 Firebase 中发布到用户子目录的安全规则
Security rules for posting to a user's subdirectory in Firebase
以下是我的 Firebase 安全规则:
安全-rules.json
{
"rules": {
"users": {
"$uid": {
".write": "auth.uid === $uid",
".read": "auth.uid === $uid"
}
}
}
}
当我的路径以 users
目录结尾时它工作正常。如:
https://my-firebase.firebaseio.com/users/my-user-id.json
但是当我尝试post直接到一个子目录时,如下:
https://my-firebase.firebaseio.com/users/my-user-id/settings.json
没用。
问题
What do I need to do to the security-rules.json file (or anything else) to be able to write directly to a user's subdirectory?
编辑:
有人建议,"just extend your rule to include settings." 所以我试了一下:
安全-rules.json
{
"rules": {
"users": {
"$uid": {
".write": "auth.uid === $uid",
".read": "auth.uid === $uid"
},
"settings": {
".write": "auth.uid === $uid",
".read": "auth.uid === $uid"
}
}
}
}
抛出以下错误:
9:30: Unknown variable '$uid'.
10:31: Unknown variable '$uid'.
这在模拟器中有效:
{
"rules": {
"users": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid",
"settings": {
}
}
}
}
}
经过进一步测试,我发现OP中包含的安全规则在模拟器中也有效:
安全-rules.json
{
"rules": {
"users": {
"$uid": {
".write": "auth.uid === $uid",
".read": "auth.uid === $uid"
}
}
}
}
无需添加额外的规则来更深入地写入节点树。最高权限即可。
旁白:我的问题似乎与我使用的安全规则不同。我必须做更多的研究、实验和测试。
以下是我的 Firebase 安全规则:
安全-rules.json{
"rules": {
"users": {
"$uid": {
".write": "auth.uid === $uid",
".read": "auth.uid === $uid"
}
}
}
}
当我的路径以 users
目录结尾时它工作正常。如:
https://my-firebase.firebaseio.com/users/my-user-id.json
但是当我尝试post直接到一个子目录时,如下:
https://my-firebase.firebaseio.com/users/my-user-id/settings.json
没用。
问题
What do I need to do to the security-rules.json file (or anything else) to be able to write directly to a user's subdirectory?
编辑:
有人建议,"just extend your rule to include settings." 所以我试了一下:
安全-rules.json{
"rules": {
"users": {
"$uid": {
".write": "auth.uid === $uid",
".read": "auth.uid === $uid"
},
"settings": {
".write": "auth.uid === $uid",
".read": "auth.uid === $uid"
}
}
}
}
抛出以下错误:
9:30: Unknown variable '$uid'.
10:31: Unknown variable '$uid'.
这在模拟器中有效:
{
"rules": {
"users": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid",
"settings": {
}
}
}
}
}
经过进一步测试,我发现OP中包含的安全规则在模拟器中也有效:
安全-rules.json{
"rules": {
"users": {
"$uid": {
".write": "auth.uid === $uid",
".read": "auth.uid === $uid"
}
}
}
}
无需添加额外的规则来更深入地写入节点树。最高权限即可。
旁白:我的问题似乎与我使用的安全规则不同。我必须做更多的研究、实验和测试。