Firebase 安全规则未按预期工作
firebase security rules not working as expected
我正在尝试了解安全规则结构是如何工作的。我有这些规则:
{
"rules": {
"level1": { //public info
".read": true,
".write": true,
"level2": { //private info
".read": false,
".write": false
}
}
}
}
然后使用模拟器进行测试,我希望 r/w 可以访问 level1,而不是 level2...
但结果是我 r/w 可以访问 两个 级别。
那个怎么样?我错过了什么吗?
谢谢。
当您在一个级别上授予(读取或写入)访问权限时,您无法撤消较低级别的访问权限。请参阅 Firebase documentation on security 中的这句话:
Rules Cascade
SECURITY AND FIREBASE RULES WORK FROM THE TOP-DOWN
This is a critical concept of understanding Security and Firebase Rules. The child rules can only grant additional privileges to what parent nodes have already declared. They cannot revoke a read or write privilege.
我正在尝试了解安全规则结构是如何工作的。我有这些规则:
{
"rules": {
"level1": { //public info
".read": true,
".write": true,
"level2": { //private info
".read": false,
".write": false
}
}
}
}
然后使用模拟器进行测试,我希望 r/w 可以访问 level1,而不是 level2...
但结果是我 r/w 可以访问 两个 级别。 那个怎么样?我错过了什么吗?
谢谢。
当您在一个级别上授予(读取或写入)访问权限时,您无法撤消较低级别的访问权限。请参阅 Firebase documentation on security 中的这句话:
Rules Cascade
SECURITY AND FIREBASE RULES WORK FROM THE TOP-DOWN
This is a critical concept of understanding Security and Firebase Rules. The child rules can only grant additional privileges to what parent nodes have already declared. They cannot revoke a read or write privilege.