如何授予从Firebase身份验证和数据库对特定UID的读/写访问权限 [英] How to grant read-read/write access to specific UIDs from Firebase Auth and Database

问题描述

从最近的研究中，我一直在努力理解如何实现为系统中的某些用户授予不同的访问级别的理解.我希望能够授予一个用户读访问权限，并向另一个用户授予读/写引用其uid的权限.要实现此目标需要做哪些工作?

I have been struggling to grasp an understanding from recent researching of how to implement to grant different access levels to certain users in my system. I want to be able to grant one user read access and another with read/write referencing their uid. What work is required to implement this?

我是否需要重组数据库以及JSON规则的结构如何?

Do I need to restructure my DB and how are my JSON rules structured?

更新-实施了新规则和数据库结构

商店01的当前数据库参考-

Current DB reference for store 01 -

database = FirebaseDatabase.getInstance().getReference("stores").child("Store 01").child("Task List"); //Find the Task List table in database and making a reference.

将规则结构更新为以下

{
"rules": {

"stores": {
        ".read": "auth != null && (root.child('readUsers').hasChild(auth.uid) || root.child('readWriteUsers').hasChild(auth.uid))",
        ".write": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)"
  },

"readUsers": {
        ".read": "auth != null && root.child('readUsers').hasChild(auth.uid)",
        ".write": false   
},


"readWriteUsers": {
        ".read": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)",
        ".write": false   
}

} }

数据库结构已更新为以下

推荐答案

一种解决方案是让一些特定的数据库节点列出您的用户，如下所示:

One solution is to have some specific database nodes listing your users, as follows:

{
  "rules": {

    "Store01": {
            ".read": "auth != null && (root.child('readUsers').hasChild(auth.uid) || root.child('readWriteUsers').hasChild(auth.uid))",
            ".write": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)"
      },

    "readUsers": {
            ".read": "auth != null && root.child('readUsers').hasChild(auth.uid)",
            ".write": false   
    },


    "readWriteUsers": {
            ".read": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)",
            ".write": false   
    }

  }
}

但是，对于您的数据模型，将会出现问题，因为您要创建多个stores作为数据库根节点.每次创建新商店时，都需要更新安全规则！

However, with your data model, there will be a problem because you are creating multiple stores as database root nodes. Each time you create a new store you would need to update the security rules!

您需要在父节点中创建这些存储，例如stores.因此，使用新的readUsers和readWriteUsers节点，您的数据库将如下所示:

You need to create these stores in a parent node, e.g. stores. Therefore, with the new readUsers and readWriteUsers nodes, your database would look like the following:

- task-list-for-managers
   - stores
     - Store01
        - ....  
     - Store02
        - ....    
   - readUsers
     - WV0676TY67TY9: true   //user Id
     - PU8776TIU6543: true   
     - .....
   - readWriteUsers
     - BD563DHDV7669: true   //user Id
     - 87RSBE6383912: true   
     - .....

规则如下:

{
  "rules": {

    "stores": {
            ".read": "auth != null && (root.child('readUsers').hasChild(auth.uid) || root.child('readWriteUsers').hasChild(auth.uid))",
            ".write": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)"
      },

    "readUsers": {
            ".read": "auth != null && root.child('readUsers').hasChild(auth.uid)",
            ".write": false   
    },


    "readWriteUsers": {
            ".read": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)",
            ".write": false   
    }

  }
}

请注意，如此处所述，请阅读并编写规则级联:

Note that, as explained here, read and write Rules cascade:

如果规则授予对特定路径的读取或写入权限，则 它还授予对其下所有子节点的访问权限.

If a rule grants read or write permissions at a particular path, then it also grants access to all child nodes under it.

这篇关于如何授予从Firebase身份验证和数据库对特定UID的读/写访问权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！