Firebase 规则 - 读写不一样

Question

我正在尝试以简单的方式使用 "read" 和 "write" 规则， 似乎相同的条件会导致每个人的行为不同。

我的规则：

{
    "rules": {
        ".read": true,
        ".write": false,
        "chat": {
            ".write": true
        },
        "users": {
            "$user_id": {
                 ".read": "$user_id === auth.uid",
                 ".write": "$user_id === auth.uid"
            }
        }
    }

从模拟器写入响应：

Attempt to write {"key":"value"} to /users/1 with auth={"provider":"anonymous","uid":"1234"}
    /:.write: "false"
        => false
    /users
    /users/1:.write: "$user_id === auth.uid"
        => false

No .write rule allowed the operation.
Write was denied.

从模拟器读取响应：

Attempt to read /users/1 with auth={"provider":"anonymous","uid":"1234"}
    /: "true"
        => true

Read was allowed.

为什么？

Answer 1

在规则的顶层，您允许读取并禁止写入。

{
    "rules": {
        ".read": true,
        ".write": false,

Firebase 规则自上而下地工作：一旦您在某个级别上允许某些内容，您就不能在较低级别上将其删除。 Firebase documentation 是这样说的：

This is a critical concept of understanding Security and Firebase Rules. The child rules can only grant additional privileges to what parent nodes have already declared. They cannot revoke a read or write privilege.

所以您的顶级 ".read": true 会取代您放置在较低级别的任何阅读规则。