允许特定的用户写访问 [英] Allowing specific user write access
问题描述
我在Firebase的读/写规则上受了限制.我希望我能在检查身份验证时设置断点(没有办法,有吗?).
I'm kind of stymied on my Firebase read/write rules. I wish I had a way to set break points as it's checking authentication (there isn't a way, is there?).
我的问题很简单,我觉得我应该能够更好地理解它.我觉得大部分原因是不完全了解规则.此信息是一种简单的在线查看产品的方式,所有者需要能够添加产品.因此,我希望全世界都能阅读,并且希望登录的人能够写作.
My question is fairly simple and I feel like I should be able to understand it better. I feel like most of stems from not understanding fully the rules. This information is for a simple way to view products online and the owner needs to be able to add products. So I want the world to be able to read and people who log in be able to write.
我的数据如下:
app
Users
email: xxx@xxx.com
product
0
name: pizza
我的规则:
{
"rules": {
"product":{
".read": true,
".write":"root.child('Users').child(auth.uid).child('email').val() === 'testuser@test.com'"
}
}
}
我对这意味着什么不太了解.我真的只想说,如果用户已登录,则允许写入功能.我希望我可以像".write": "auth"这样表示如果存在auth(用户已登录),然后让他写.但是我显然不完全了解规则的工作原理.我正在使用简单的电子邮件/密码身份验证.
and I don't have a great grasp of what this means. I really just want to say, if the user is logged in, allow write capabilities. I would have hoped I could so something like ".write": "auth" meaning that if auth exists (user is logged in) then let him write. But I'm clearly not fully understand how the rules work. I'm using simple email/password authentication.
如何测试这些规则,如何将参数传递给它们?
How are these rules tested and how do I pass parameters to them?
推荐答案
我将尝试说明您的.write安全规则,即:
I'll try to explain your .write security rule, which is:
"root.child('Users').child(auth.uid).child('email').val() === 'testuser@test.com'"
这确实不是最容易上手的规则,并且Firebase文档确实很快进入了更深层次.
This is indeed not the easiest rule to start with and the Firebase documentation admittedly dives into the deep rather quickly.
使用Twitter登录到我的应用程序后,我的代码将得到一个authData变量,告诉它:
After I log on to my application with twitter, my code will get an authData variable that tells it:
authData
uid: "twitter:4511241"
provider: "twitter"
id: "4511241"
可能还有其他一些属性,但这应该是要点. authData通常将包含一个子对象,该子对象具有特定于提供者的属性,因此在这种情况下,twitter且您通常可以在其中找到一些非常有趣的东西.例如在Twitter的情况下,用户的Twitter名称.
There might be a few more properties, but this should be the gist of it. The authData will typically contain a child object with properties that are specific to the provider, so in this case twitter and you can normally find some pretty interesting stuff there. Such as in the case of Twitter, the user's twitter name.
authData
uid: "twitter:4511241"
provider: "twitter"
id: "4511241"
twitter:
userName: "puf"
email: "puf@twitter.com" // note: this is just an example email address,
// it doesn't exist (as far as I know)
此对象可用于我的代码,默认情况下,它不存储在Firebase中的任何位置.
This object is made available to my code, it is not stored anywhere in Firebase by default.
在安全规则中,您可以检查相同的结构.但是,这里只有一小部分信息可用,足以识别用户. auth对象的Firebase文档命名以下属性:
In your security rules, you can check against the same structure. But only a minimal subset of the information is available here, just enough to identify the user. The Firebase documentation for the auth object names these properties:
提供者 |使用的身份验证方法(密码",匿名","facebook","github","google"或"twitter").
provider | The authentication method used ("password", "anonymous", "facebook", "github", "google", or "twitter").
uid |唯一的用户ID,保证在所有提供商中都是唯一的.
uid |A unique user id, guaranteed to be unique across all providers.
有了这些属性,我们已经可以允许特定用户对我们的数据进行写访问.就像我在对您的答案的评论中所说的那样:
With these properties, we can already allow a specific user write access to our data. Like I said in my comment to your answer:
".write": "auth.uid = 'twitter:4511241'"
这将允许我使用@puf Twitter帐户登录时写入数据.但不幸的是,它不允许我检查用户更友好的属性,例如电子邮件地址.
This will allow me to write data when I log on with my @puf twitter account. But unfortunately it doesn't allow me to check against more user-friendly properties, such as the email address.
一种常见的做法是在Firebase中创建一个顶级Users节点,并为该节点下的所有用户添加所有信息(由其uid标识).因此,在上述情况下:
A common practice is to create a top-level Users node in your Firebase and add all the information for all the users under that node, identified by their uid. So in my case above:
Users
twitter:4511241
userName: "puf"
displayName: "Frank van Puffelen"
email: "puf@twitter.com"
github:913631
userName: "puf"
displayName: "Frank van Puffelen"
email: "puf@github.com"
我在此处保留了提供者和ID,因为它们没有为示例提供太多价值
当您知道用户的uid时,您可以在此节点中查找他的其他信息.这正是您之前拥有的安全规则所要做的:
When you know a user's uid, you can look up his additional information in this node. And that is exactly what the security rules you had before does:
"root.child('Users').child(auth.uid).child('email').val() === 'testuser@test.com'"
因此,这将从Firebase的根目录开始,查找名为Users的节点,然后查找登录用户的uid以及该用户的电子邮件地址.
So this will look from the root of your Firebase, for a node called Users, then for the uid of the logged in user and under that his/her email address.
关于检查特定电子邮件地址的很酷的事情是,它与用户的提供者无关.因此,无论用户使用Twitter,github,facebook或其他受支持的提供商登录,只要他们为每个帐户使用相同的电子邮件地址,他们就可以写入数据.
The cool thing about checking for a specific email address, is that it is not tied to the user's provider. So no matter whether the user is logged on with twitter, github, facebook or some other supported provider, as long as they used the same email address for each account, they will be able to write the data.
这篇关于允许特定的用户写访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
