如何使 Firebase 数据库值仅对其各自配对的 UID 可见?
How to make Firebase database values only visible to their respective paired UIDs?
这是我的数据库结构:
我希望用户1节点下的值只对用户1可读可写,用户2节点下的值只对用户2可读可写,以后其他新用户以此类推.这意味着用户 1 无法在其他用户的节点下读取和写入值,并且 versa.For 我必须为我的数据库设置规则。
下面的规则是我试过的至此,用户1只能在自己的节点下写入值,不能在其他用户的节点下写入,反之亦然,这正是我想要的。问题是用户 1 仍然可以读取其他用户节点下的值,这是不可取的。我阅读了一些解释数据库规则的文档,但这对我来说很难理解。我尝试了多种方法来重写我的规则,但仍然失败。我需要帮助来解决这个问题。
{
"rules": {
".read": "auth.uid != null",
".write":"auth.uid != null",
"Users' Input History": {
"$user": {
".validate":"$user === auth.uid"
}
},
"Users' Vocabulary List": {
"$user": {
".validate":"$user === auth.uid"
}
}
}
}
作为记录,我使用了规则模拟器,如下图所示。我打开 "validated" 选项,选择 "Google" 作为提供者,将模拟 UID 设置为 "Kad06bqeNChhjaksxgP9cVtoFMh1"(即用户 1),然后点击执行按钮。结果在第 3 行和第 4 行分别允许 "read" 和 "set"。
下面是我的用户身份验证和向数据库提交值的代码:
GoogleSignInActivity:
public class GoogleSignInActivity extends BaseActivity implements
View.OnClickListener {
private static final String TAG = "GoogleActivity";
private static final int RC_SIGN_IN = 9001;
// [START declare_auth]
private FirebaseAuth mAuth;
private FirebaseAuth.AuthStateListener mAuthListener;
// [END declare_auth]
private GoogleSignInClient mGoogleSignInClient;
private TextView mStatusTextView; // For displaying user's email
private TextView mDetailTextView; // For displaying user's UID
private TextView mScreenNameTextView; // For displaying user's display name (user.getDisplayName())
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_google_sign_in);
// Views
mStatusTextView = findViewById(R.id.status);
mDetailTextView = findViewById(R.id.detail);
mScreenNameTextView = findViewById(R.id.screen_name_textView);
setProgressBar(R.id.progressBar);
// Button listeners
findViewById(R.id.signInButton).setOnClickListener(this);
// [START config_signin]
// Configure Google Sign In
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.default_web_client_id))
.requestEmail()
.build();
// [END config_signin]
mGoogleSignInClient = GoogleSignIn.getClient(this, gso);
// [START initialize_auth]
// Initialize Firebase Auth
mAuth = FirebaseAuth.getInstance();
// [END initialize_auth]
mAuthListener = new FirebaseAuth.AuthStateListener() {
@Override
public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
FirebaseUser user = firebaseAuth.getCurrentUser();
if (user != null) {
// User is signed in
Log.d(TAG, "onAuthStateChanged:signed_in:" + user.getUid());
toastMessage("Successfully signed in with: " + user.getEmail());
mStatusTextView.setText(getString(R.string.Google_status_fmt, user.getEmail()));
mDetailTextView.setText(getString(R.string.Firebase_status_fmt, user.getUid()));
username = mDetailTextView.getText().toString();
}
}
};
}
// [START on_start_check_user]
@Override
public void onStart() {
super.onStart();
mAuth.addAuthStateListener(mAuthListener);
// Check if user is signed in (non-null).
FirebaseUser currentUser = mAuth.getCurrentUser();
}
// [END on_start_check_user]
@Override
public void onStop() {
super.onStop();
if (mAuthListener != null) {
mAuth.removeAuthStateListener(mAuthListener);
}
}
// [START onActivityResult]
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
// Result returned from launching the Intent from GoogleSignInApi.getSignInIntent(...);
if (requestCode == RC_SIGN_IN) {
Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);
try {
// Google Sign In was successful, authenticate with Firebase
GoogleSignInAccount account = task.getResult(ApiException.class);
firebaseAuthWithGoogle(account);
Toast.makeText(getApplicationContext(), getResources().getString(R.string.Login_successful), Toast.LENGTH_LONG).show();
username = mDetailTextView.getText().toString();
} catch (ApiException e) {
// Google Sign In failed, update UI appropriately
Log.w(TAG, "Google sign in failed", e);
}
}
}
// [END onActivityResult]
// [START auth_with_google]
private void firebaseAuthWithGoogle(GoogleSignInAccount acct) {
Log.d(TAG, "firebaseAuthWithGoogle:" + acct.getId());
// [START_EXCLUDE silent]
showProgressBar();
// [END_EXCLUDE]
AuthCredential credential = GoogleAuthProvider.getCredential(acct.getIdToken(), null);
mAuth.signInWithCredential(credential)
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
@Override
public void onComplete(@NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
// Sign in success, update UI with the signed-in user's information
Log.d(TAG, "signInWithCredential:success");
FirebaseUser user = mAuth.getCurrentUser();
} else {
// If sign in fails, display a message to the user.
Log.w(TAG, "signInWithCredential:failure", task.getException());
Snackbar.make(findViewById(R.id.main_layout), "Authentication Failed.", Snackbar.LENGTH_SHORT).show();
}
// [START_EXCLUDE]
hideProgressBar();
// [END_EXCLUDE]
}
});
}
// [END auth_with_google]
// [START signin]
private void signIn() {
Intent signInIntent = mGoogleSignInClient.getSignInIntent();
startActivityForResult(signInIntent, RC_SIGN_IN);
}
// [END signin]
@Override
public void onClick(View v) {
int i = v.getId();
if (i == R.id.signInButton) {
signIn();
}
}
}
我将值推送到数据库的代码:
EditText wordInputView;
String searchKeyword;
String username;
public static DatabaseReference mRootReference = FirebaseDatabase.getInstance().getReference();
public static DatabaseReference mChildReferenceForInputHistory = mRootReference.child("Users' Input History");
public static DatabaseReference mChildReferenceForVocabularyList = mRootReference.child("Users' Vocabulary List");
searchKeyword = wordInputView.getText().toString();
Query query = mChildReferenceForInputHistory.child(username).orderByValue().equalTo(searchKeyword);
query.addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(@NonNull DataSnapshot dataSnapshot) {
for (DataSnapshot snapshot: dataSnapshot.getChildren()) {
//If a duplicate value (searchKeyword) is found, remove it.
snapshot.getRef().setValue(null);
}
}
@Override
public void onCancelled(@NonNull DatabaseError databaseError) {
throw databaseError.toException();
}
});
mChildReferenceForInputHistory.child(username).push().setValue(searchKeyword);
//Initialize the adapter
userInputArrayAdapter = new ArrayAdapter<>(this, android.R.layout.simple_list_item_1, userInputArraylist);
userInputListview.setAdapter(userInputArrayAdapter);
mChildReferenceForInputHistory.addChildEventListener(new ChildEventListener() {
@Override
public void onChildAdded(@NonNull DataSnapshot dataSnapshot, @Nullable String previousChildKey) {
for (DataSnapshot snapshot : dataSnapshot.getChildren()){
String value = snapshot.getValue(String.class);
userInputArraylist.add(value);
HashSet<String> myVocabularyArraylistHashSet = new HashSet<>();
myVocabularyArraylistHashSet.addAll(userInputArraylist);
userInputArraylist.clear();
userInputArraylist.addAll(myVocabularyArraylistHashSet);
//Alphabetic sorting
Collections.sort(userInputArraylist);
userInputArrayAdapter.notifyDataSetChanged();
}
}
@Override
public void onChildChanged(@NonNull DataSnapshot dataSnapshot, @Nullable String s) {
}
@Override
public void onChildRemoved(@NonNull DataSnapshot dataSnapshot) {
}
@Override
public void onChildMoved(@NonNull DataSnapshot dataSnapshot, @Nullable String s) {
}
@Override
public void onCancelled(@NonNull DatabaseError databaseError) {
}
});
来自 Firebase 文档:
If a rule grants read or write permissions at a particular path, then it also grants access to all child nodes under it.
在您的情况下,您向所有经过身份验证的用户授予 .read 权限,因为这部分:
"rules": {
".read": "auth.uid != null",
".write":"auth.uid != null",
... 向所有经过身份验证的人授予读取权限,因为这是您的路由目录,他们还授予他们读取 "Users' Input History" 和 "Users' Vocabulary List" 的权限,因为这在您的路由下。
.validate 规则仅在您写入数据时使用,它们定义了数据应该是什么。
回到你的问题,在你的用例中你应该重新考虑重组你的数据库并设置新的规则。
一种可能的解决方案是设置这些规则:
{
"rules": {
"Users' Input History": {
"$user": {
".read": "auth.uid === $user",
".write": "auth.uid === $user"
}
},
"Users' Vocabulary List": {
"$user": {
".read": "auth.uid === $user",
".write": "auth.uid === $user"
}
}
}
}
在这种情况下,您只授予用户 111 读写“/Users' Input History/111”和“/Users' Vocabulary List/111”的权限,因此如果您有更多孩子root 您必须为它们中的每一个定义规则。
这是我的数据库结构:
我希望用户1节点下的值只对用户1可读可写,用户2节点下的值只对用户2可读可写,以后其他新用户以此类推.这意味着用户 1 无法在其他用户的节点下读取和写入值,并且 versa.For 我必须为我的数据库设置规则。
下面的规则是我试过的至此,用户1只能在自己的节点下写入值,不能在其他用户的节点下写入,反之亦然,这正是我想要的。问题是用户 1 仍然可以读取其他用户节点下的值,这是不可取的。我阅读了一些解释数据库规则的文档,但这对我来说很难理解。我尝试了多种方法来重写我的规则,但仍然失败。我需要帮助来解决这个问题。
{
"rules": {
".read": "auth.uid != null",
".write":"auth.uid != null",
"Users' Input History": {
"$user": {
".validate":"$user === auth.uid"
}
},
"Users' Vocabulary List": {
"$user": {
".validate":"$user === auth.uid"
}
}
}
}
作为记录,我使用了规则模拟器,如下图所示。我打开 "validated" 选项,选择 "Google" 作为提供者,将模拟 UID 设置为 "Kad06bqeNChhjaksxgP9cVtoFMh1"(即用户 1),然后点击执行按钮。结果在第 3 行和第 4 行分别允许 "read" 和 "set"。
下面是我的用户身份验证和向数据库提交值的代码:
GoogleSignInActivity:
public class GoogleSignInActivity extends BaseActivity implements
View.OnClickListener {
private static final String TAG = "GoogleActivity";
private static final int RC_SIGN_IN = 9001;
// [START declare_auth]
private FirebaseAuth mAuth;
private FirebaseAuth.AuthStateListener mAuthListener;
// [END declare_auth]
private GoogleSignInClient mGoogleSignInClient;
private TextView mStatusTextView; // For displaying user's email
private TextView mDetailTextView; // For displaying user's UID
private TextView mScreenNameTextView; // For displaying user's display name (user.getDisplayName())
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_google_sign_in);
// Views
mStatusTextView = findViewById(R.id.status);
mDetailTextView = findViewById(R.id.detail);
mScreenNameTextView = findViewById(R.id.screen_name_textView);
setProgressBar(R.id.progressBar);
// Button listeners
findViewById(R.id.signInButton).setOnClickListener(this);
// [START config_signin]
// Configure Google Sign In
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.default_web_client_id))
.requestEmail()
.build();
// [END config_signin]
mGoogleSignInClient = GoogleSignIn.getClient(this, gso);
// [START initialize_auth]
// Initialize Firebase Auth
mAuth = FirebaseAuth.getInstance();
// [END initialize_auth]
mAuthListener = new FirebaseAuth.AuthStateListener() {
@Override
public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
FirebaseUser user = firebaseAuth.getCurrentUser();
if (user != null) {
// User is signed in
Log.d(TAG, "onAuthStateChanged:signed_in:" + user.getUid());
toastMessage("Successfully signed in with: " + user.getEmail());
mStatusTextView.setText(getString(R.string.Google_status_fmt, user.getEmail()));
mDetailTextView.setText(getString(R.string.Firebase_status_fmt, user.getUid()));
username = mDetailTextView.getText().toString();
}
}
};
}
// [START on_start_check_user]
@Override
public void onStart() {
super.onStart();
mAuth.addAuthStateListener(mAuthListener);
// Check if user is signed in (non-null).
FirebaseUser currentUser = mAuth.getCurrentUser();
}
// [END on_start_check_user]
@Override
public void onStop() {
super.onStop();
if (mAuthListener != null) {
mAuth.removeAuthStateListener(mAuthListener);
}
}
// [START onActivityResult]
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
// Result returned from launching the Intent from GoogleSignInApi.getSignInIntent(...);
if (requestCode == RC_SIGN_IN) {
Task<GoogleSignInAccount> task = GoogleSignIn.getSignedInAccountFromIntent(data);
try {
// Google Sign In was successful, authenticate with Firebase
GoogleSignInAccount account = task.getResult(ApiException.class);
firebaseAuthWithGoogle(account);
Toast.makeText(getApplicationContext(), getResources().getString(R.string.Login_successful), Toast.LENGTH_LONG).show();
username = mDetailTextView.getText().toString();
} catch (ApiException e) {
// Google Sign In failed, update UI appropriately
Log.w(TAG, "Google sign in failed", e);
}
}
}
// [END onActivityResult]
// [START auth_with_google]
private void firebaseAuthWithGoogle(GoogleSignInAccount acct) {
Log.d(TAG, "firebaseAuthWithGoogle:" + acct.getId());
// [START_EXCLUDE silent]
showProgressBar();
// [END_EXCLUDE]
AuthCredential credential = GoogleAuthProvider.getCredential(acct.getIdToken(), null);
mAuth.signInWithCredential(credential)
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
@Override
public void onComplete(@NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
// Sign in success, update UI with the signed-in user's information
Log.d(TAG, "signInWithCredential:success");
FirebaseUser user = mAuth.getCurrentUser();
} else {
// If sign in fails, display a message to the user.
Log.w(TAG, "signInWithCredential:failure", task.getException());
Snackbar.make(findViewById(R.id.main_layout), "Authentication Failed.", Snackbar.LENGTH_SHORT).show();
}
// [START_EXCLUDE]
hideProgressBar();
// [END_EXCLUDE]
}
});
}
// [END auth_with_google]
// [START signin]
private void signIn() {
Intent signInIntent = mGoogleSignInClient.getSignInIntent();
startActivityForResult(signInIntent, RC_SIGN_IN);
}
// [END signin]
@Override
public void onClick(View v) {
int i = v.getId();
if (i == R.id.signInButton) {
signIn();
}
}
}
我将值推送到数据库的代码:
EditText wordInputView;
String searchKeyword;
String username;
public static DatabaseReference mRootReference = FirebaseDatabase.getInstance().getReference();
public static DatabaseReference mChildReferenceForInputHistory = mRootReference.child("Users' Input History");
public static DatabaseReference mChildReferenceForVocabularyList = mRootReference.child("Users' Vocabulary List");
searchKeyword = wordInputView.getText().toString();
Query query = mChildReferenceForInputHistory.child(username).orderByValue().equalTo(searchKeyword);
query.addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(@NonNull DataSnapshot dataSnapshot) {
for (DataSnapshot snapshot: dataSnapshot.getChildren()) {
//If a duplicate value (searchKeyword) is found, remove it.
snapshot.getRef().setValue(null);
}
}
@Override
public void onCancelled(@NonNull DatabaseError databaseError) {
throw databaseError.toException();
}
});
mChildReferenceForInputHistory.child(username).push().setValue(searchKeyword);
//Initialize the adapter
userInputArrayAdapter = new ArrayAdapter<>(this, android.R.layout.simple_list_item_1, userInputArraylist);
userInputListview.setAdapter(userInputArrayAdapter);
mChildReferenceForInputHistory.addChildEventListener(new ChildEventListener() {
@Override
public void onChildAdded(@NonNull DataSnapshot dataSnapshot, @Nullable String previousChildKey) {
for (DataSnapshot snapshot : dataSnapshot.getChildren()){
String value = snapshot.getValue(String.class);
userInputArraylist.add(value);
HashSet<String> myVocabularyArraylistHashSet = new HashSet<>();
myVocabularyArraylistHashSet.addAll(userInputArraylist);
userInputArraylist.clear();
userInputArraylist.addAll(myVocabularyArraylistHashSet);
//Alphabetic sorting
Collections.sort(userInputArraylist);
userInputArrayAdapter.notifyDataSetChanged();
}
}
@Override
public void onChildChanged(@NonNull DataSnapshot dataSnapshot, @Nullable String s) {
}
@Override
public void onChildRemoved(@NonNull DataSnapshot dataSnapshot) {
}
@Override
public void onChildMoved(@NonNull DataSnapshot dataSnapshot, @Nullable String s) {
}
@Override
public void onCancelled(@NonNull DatabaseError databaseError) {
}
});
来自 Firebase 文档:
If a rule grants read or write permissions at a particular path, then it also grants access to all child nodes under it.
在您的情况下,您向所有经过身份验证的用户授予 .read 权限,因为这部分:
"rules": {
".read": "auth.uid != null",
".write":"auth.uid != null",
... 向所有经过身份验证的人授予读取权限,因为这是您的路由目录,他们还授予他们读取 "Users' Input History" 和 "Users' Vocabulary List" 的权限,因为这在您的路由下。
.validate 规则仅在您写入数据时使用,它们定义了数据应该是什么。 回到你的问题,在你的用例中你应该重新考虑重组你的数据库并设置新的规则。 一种可能的解决方案是设置这些规则:
{
"rules": {
"Users' Input History": {
"$user": {
".read": "auth.uid === $user",
".write": "auth.uid === $user"
}
},
"Users' Vocabulary List": {
"$user": {
".read": "auth.uid === $user",
".write": "auth.uid === $user"
}
}
}
}
在这种情况下,您只授予用户 111 读写“/Users' Input History/111”和“/Users' Vocabulary List/111”的权限,因此如果您有更多孩子root 您必须为它们中的每一个定义规则。