基于用户存在的 child 的 Firebase 安全写入规则
Firebase security write rule of child based on user existence
到目前为止,这是我的安全结构:
{
"rules":
{
"users":
{
"$user":
{
".read": true,
"Age":
{
".write": "$user === auth.uid",
".validate": "newData.isNumber()"
},
"Name":
{
".write": "$user === auth.uid",
".validate": "newData.isString()"
},
"friends":
{
"$friend":
{
"Age":
{
".write": "$user === auth.uid || $friend === auth.uid",
".validate": "newData.isString()"
},
"Name":
{
".write": "$user === auth.uid || $friend === auth.uid",
".validate": "newData.isNumber()"
}
}
}
}
}
}
}
现在,当我尝试将“$user”写入用户时,出现以下错误:
Attempt to write Success({"42":{"Age":42,"Name":"Nick","friends":{"11":{"Age":11,"Name":"Rob"}}}}) to /users with auth=Success({"id":42,"provider":"anonymous","uid":"anonymous:42"})
/
/users
No .write rule allowed the operation.
Write was denied.
当我为用户设置.write
规则时,所有的写入规则都会被覆盖。我需要说明 $user
的所有特征只能由 $user
写出,但 $friend
可以由 $friend
和 $user
写出。当我推送用户时,我会和朋友一起推送他们,但是我需要朋友能够在不同的用户路径上更改他们的数据。你有什么想法吗?
好吧,所以我稍微玩了一下规则,决定将 child 的编写规则放入验证中,效果非常好。这是我的最终代码:
{
"rules":
{
"users":
{
"$user":
{
".read": true,
".write": "$user === auth.uid",
"Age":
{
".validate": "newData.isNumber()"
},
"Name":
{
".validate": "newData.isString()"
},
"friends":
{
"$friend":
{
"Age":
{
".validate": "newData.isString() && ($user === auth.uid || $friend === auth.uid)"
},
"Name":
{
".validate": "newData.isNumber() && ($user === auth.uid || $friend === auth.uid)"
}
}
}
}
}
}
}
到目前为止,这是我的安全结构:
{
"rules":
{
"users":
{
"$user":
{
".read": true,
"Age":
{
".write": "$user === auth.uid",
".validate": "newData.isNumber()"
},
"Name":
{
".write": "$user === auth.uid",
".validate": "newData.isString()"
},
"friends":
{
"$friend":
{
"Age":
{
".write": "$user === auth.uid || $friend === auth.uid",
".validate": "newData.isString()"
},
"Name":
{
".write": "$user === auth.uid || $friend === auth.uid",
".validate": "newData.isNumber()"
}
}
}
}
}
}
}
现在,当我尝试将“$user”写入用户时,出现以下错误:
Attempt to write Success({"42":{"Age":42,"Name":"Nick","friends":{"11":{"Age":11,"Name":"Rob"}}}}) to /users with auth=Success({"id":42,"provider":"anonymous","uid":"anonymous:42"})
/
/users
No .write rule allowed the operation.
Write was denied.
当我为用户设置.write
规则时,所有的写入规则都会被覆盖。我需要说明 $user
的所有特征只能由 $user
写出,但 $friend
可以由 $friend
和 $user
写出。当我推送用户时,我会和朋友一起推送他们,但是我需要朋友能够在不同的用户路径上更改他们的数据。你有什么想法吗?
好吧,所以我稍微玩了一下规则,决定将 child 的编写规则放入验证中,效果非常好。这是我的最终代码:
{
"rules":
{
"users":
{
"$user":
{
".read": true,
".write": "$user === auth.uid",
"Age":
{
".validate": "newData.isNumber()"
},
"Name":
{
".validate": "newData.isString()"
},
"friends":
{
"$friend":
{
"Age":
{
".validate": "newData.isString() && ($user === auth.uid || $friend === auth.uid)"
},
"Name":
{
".validate": "newData.isNumber() && ($user === auth.uid || $friend === auth.uid)"
}
}
}
}
}
}
}