根节点规则是否级联到 firebase 中的子节点及其子节点?
does root node rule cascase to child and its subchild in firebase?
在文档中它告诉规则级联并且子级不能撤销权限但是后来在聊天示例中根读写规则默认为false,那么为什么它不级联?
Doc link
好问题。
当我们说 规则级联 时,将其读作 权限案例 。一旦您拥有读取节点的权限,您就无法在较低级别取消该权限。
所以你可以从顶层的".read": false开始,然后允许较低的读取(来自Firebase documentation on security rules的片段):
{
"rules": {
".read": false,
"room_names": {
// the room names can be enumerated and read
// they cannot be modified since no write rule
// explicitly allows this
".read": true,
但是反过来不行。你不能说每个人都可以看到所有的房间名称,就不能说任何人都不允许看到特定的房间名称:
// THIS SNIPPET WILL NOT WORK
{
"rules": {
".read": false,
"room_names": {
// the room names can be enumerated and read
// they cannot be modified since no write rule
// explicitly allows this
".read": true,
"my_secret_room": {
// THIS WILL NOT WORK
// since we've said that every can read all room names
// we cannot take that permission away anymore
".read": false
}
在文档中它告诉规则级联并且子级不能撤销权限但是后来在聊天示例中根读写规则默认为false,那么为什么它不级联? Doc link
好问题。
当我们说 规则级联 时,将其读作 权限案例 。一旦您拥有读取节点的权限,您就无法在较低级别取消该权限。
所以你可以从顶层的".read": false开始,然后允许较低的读取(来自Firebase documentation on security rules的片段):
{
"rules": {
".read": false,
"room_names": {
// the room names can be enumerated and read
// they cannot be modified since no write rule
// explicitly allows this
".read": true,
但是反过来不行。你不能说每个人都可以看到所有的房间名称,就不能说任何人都不允许看到特定的房间名称:
// THIS SNIPPET WILL NOT WORK
{
"rules": {
".read": false,
"room_names": {
// the room names can be enumerated and read
// they cannot be modified since no write rule
// explicitly allows this
".read": true,
"my_secret_room": {
// THIS WILL NOT WORK
// since we've said that every can read all room names
// we cannot take that permission away anymore
".read": false
}