Firebase如何为树中深2级随机ID的孩子编写安全规则 [英] Firebase how to write security rule for a child that is 2 level random id deep in the tree
问题描述
我有一个名为(people)的数据库节点,如下所示:
I have a database node called (people) that looks like this:
people
|
|
-------UserID1 //which is a random id
| |
| |
| ----UserId2 //which is a random id
| |
| |
| name:"some_name"
| id:"UserId2"
| image:"image_url"
|
|
|
-------UserId2
|
|
----UserId3
|
|
name:"some_name"
id:"UserId3"
image:"image_url"
如果我们查看(people/UserID1/UserId2)节点:
由于UserId1和UserId2是2个随机ID,所以如果我们要向UserId2写入规则,我们会注意到它的深度是2个随机ID.
Since UserId1 and UserId2 are 2 random ids, then if we want to write a rule to UserId2 we will notice that it is 2 random id level deep.
我要在此指定的路径上写一条规则,说明以下内容:
What I want is to write a rule at this specified path that says these:
1)people/UserId1:可以由(UserID1)和(UserId2)编写.
1) people / UserId1 : can be written by (UserID1) and (UserId2).
2)people/UserId1:可由(UserID1)和(UserId2)读取.
2) people / UserId1 : can be read by (UserID1) and (UserId2).
3)people/UserId1/UserId2:必须以带有(名称,id,图像)的newData结尾.
3) people / UserId1 / UserId2 : must end up with a newData that has (name, id, image).
我该怎么做?
谢谢.
推荐答案
由于Firebase实时数据库规则级联进入更深的键,不建议允许people/UserId1由UserId2写入,因为这将允许UserId2对存储在people/UserId1/UserId3.
Due to the way Firebase Realtime Database rules cascade into deeper keys, allowing people/UserId1 to be writable by UserId2 is not advised, as this would allow UserId2 write access to the data of other users stored under people/UserId1 like people/UserId1/UserId3.
但是使用此特征,我们可以添加"允许阅读和使用的用户.随着我们对数据结构的深入了解,将获得写权限.
But using this trait, we can "add" users that are allowed read & write permissions as we go deeper into the data structure.
所以新的条件是:
-
people/UserId1-UserId1已读取&写访问权限 -
people/UserId1/UserId2-UserId2已读取&写访问权限 -
people/UserId1/UserId2-必须始终包含名称","id"和图像"键 -
people/UserId1/UserId3-UserId2无法读取/写入
people/UserId1- UserId1 has read & write accesspeople/UserId1/UserId2- UserId2 has read & write accesspeople/UserId1/UserId2- must always contain 'name', 'id' and 'image' keyspeople/UserId1/UserId3- cannot be read/written by UserId2
{
"rules": {
"people": {
"$userId1": {
"$userId2": {
".read": "auth.uid == $userId2", // add $userId2 to those granted read permission, cascades into deeper keys
".write": "auth.uid == $userId2", // add $userId2 to those granted write permission, cascades into deeper keys
".validate": "newData.hasChildren(['name', 'id', 'image'])" // any new data must have 'name', 'id' and 'image' fields.
},
".read": "auth.uid == $userId1", // add $userId1 to those granted read permission, cascades into deeper keys
".write": "auth.uid == $userId1" // add $userId1 to those granted write permission, cascades into deeper keys
}
}
}
最后,如果还要求people/UserId1/UserId2/id等于UserId2,则可以更改".validate"规则以强制执行此操作:
Lastly, if it is also required that people/UserId1/UserId2/id is equal to UserId2, you can change the ".validate" rule to enforce this:
".validate": "newData.hasChildren(['name', 'id', 'image']) && newData.child('id').val() == $userId2" // any new data must have 'name', 'id' and 'image' fields and 'id' must have a value of $userId2
这篇关于Firebase如何为树中深2级随机ID的孩子编写安全规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
