Problem description
I'm new to Firebase, and I'm trying to understand rules where authenticated user id is to be used for securing data. I'm using Angularfire2 on the client. And I'm using email/password authentication, which works fine.
If I set my database rules to allow read and write for authenticated users, everything works fine, and I end up with the following data in the Firebase database...
{
  "notes" : {
    "-KmgjG9hxoXOTtuLTItz" : {
      "content" : "test",
      "title" : "Test note 1",
      "uid" : "iLH4Kg20shViwJebCmU8Ynp0OG23"
    },
    "-Kmh5igvItrJstbAhRpq" : {
      "content" : "test",
      "title" : "Test note2",
      "uid" : "iLH4Kg20shViwJebCmU8Ynp0OG23"
    }
  }
}
Now I want to restrict read and write permissions where the authenticated user matches the user id (uid) set on each object, so I changed the rules as follows...
{
  "rules": {
    "notes": {
      ".read": "data.child('uid').val() == auth.uid",
      ".write": "newData.child('uid').val() == auth.uid"
    }
  }
}
However, this does not work. Reads fail with...
...and writes fail with...
I know that the user is authenticated because if I hard-code the user id in the rules like below, it works just fine...
{
  "rules": {
    "notes": {
      ".read": "auth.uid == 'iLH4Kg20shViwJebCmU8Ynp0OG23'",
      ".write": "auth.uid == 'iLH4Kg20shViwJebCmU8Ynp0OG23'"
    }
  }
}
Recommended answer
I was able to solve this by restructuring my data schema, putting the user id in the path, not in the object, e.g., /users/<-uid->/notes/, and using the following rules...
{
  "rules": {
    "users": {
      "$userId": {
        ".read": "$userId === auth.uid",
        ".write": "$userId === auth.uid"
      }
    }
  }
}
As per the comments regarding "rules are not filters", I get that now. The thing that was tripping me up was where the Firebase database rules doc was referring to "children" with key-value pairs, e.g.,...
".read": "data.child('isReadable').val() == true"
To me that implied that the JSON data structure is something like this...
{ ..., isReadable: true, ...}
But I guess that is referring to location paths, e.g., /users/fred/isReadable or something like that. Not quite sure. It seems odd. But regardless, I got it working.
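An added example (not part of the original question or answer): a simplified JavaScript model of how a read is authorized, showing why the rule placed on /notes denies the read while the per-user path rule allows it. The evaluator, the `perNoteRules` variant and the sample uids are assumptions made for illustration; the variant goes slightly beyond the answer to show the "rules are not filters" point.

```javascript
// Simplified model of Realtime Database read checks (illustration only, not
// Firebase's engine). Rule expressions are written as JS functions.
const db = { // constructed sample data; uids are placeholders
  notes: {
    n1: { title: "Test note 1", uid: "user-A" },
    n2: { title: "Test note 2", uid: "user-A" },
  },
  users: {
    "user-A": { notes: { n1: { title: "Test note 1" } } },
    "user-B": { notes: { n9: { title: "Another user's note" } } },
  },
};

// Question's rule: `data` is the node where the rule sits (/notes), so
// data.uid means /notes/uid, which does not exist.
const flatRules = {
  notes: { ".read": ({ data, auth }) => data?.uid === auth.uid },
};
// Same check one level down: an owner can read a single note, but a read of
// /notes is still denied because child rules never filter a parent read.
const perNoteRules = {
  notes: { $noteId: { ".read": ({ data, auth }) => data?.uid === auth.uid } },
};
// Answer's rule: the uid is a path segment captured by $userId.
const perUserRules = {
  users: { $userId: { ".read": ({ auth, vars }) => vars.$userId === auth.uid } },
};

// Walk from the root to the requested path; the read is allowed if any
// ".read" rule met on the way is true. Rules below the path are not consulted.
function canRead(rules, path, auth) {
  const segments = path.split("/").filter(Boolean);
  const vars = {};
  let rule = rules, data = db;
  for (let i = 0; ; i++) {
    if (rule[".read"] && rule[".read"]({ data, auth, vars })) return true;
    if (i === segments.length) return false;
    const seg = segments[i];
    data = data == null ? undefined : data[seg];
    const wildcard = Object.keys(rule).find((k) => k.startsWith("$"));
    if (Object.hasOwn(rule, seg)) rule = rule[seg];
    else if (wildcard) { vars[wildcard] = seg; rule = rule[wildcard]; }
    else return false; // no rule for this location: denied by default
  }
}

const alice = { uid: "user-A" }; // hypothetical signed-in user
console.log(canRead(flatRules, "/notes", alice));              // false
console.log(canRead(perUserRules, "/users/user-A/notes", alice)); // true
```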