Firebase security rules for child items in arrays
Problem description
I have the following data structure in my firebase:
{
  "groups" : {
    "-KEFQ7rTQscPX4hqn6ec" : {
      "createdBy" : "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c",
      "description" : "Test",
      "isPublic" : true,
      "title" : "T1"
    },
    "-KEFQao_Wd-Y-nLzIx2e" : {
      "createdBy" : "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c",
      "description" : "B",
      "isPublic" : false,
      "title" : "E"
    }
  }
}
and am trying to achieve the following:
- Everybody can read all groups with "isPublic" == true
- Only logged-in users can see the groups they created
My first approach was:
{
  "rules": {
    "groups": {
      ".read": true,
      "$id": {
        ".read": "data.child('isPublic').val() === true"
      }
    }
  }
}
This stackoverflow post explains why it doesn't work, but I couldn't figure out how I can make it work.
This post has a solution for the public/private problem (my 1. question) but not for the second question.
Thanks to @VonD for the working solution for the public/private problem.
With this solution the problem with public/private is solved. Considering that a private group has many members and the user ids of them would be stored in another array "members" - how would I only allow access to the group if I am a member?
"privateGroups": {
  "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c": {
    "-KEFQao_Wd-Y-nLzIx2e" : {
      "createdBy" : "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c",
      "description" : "B",
      "title" : "E",
      "members": [userId1, userId2, userId3...]
    }
  }
}
Recommended answer
The required security rules cannot be implemented with your document structure: if you want to express that a given user can read some of the child documents of a given node, the user will only be able to access them with their full path, for example "groups/-KEFQao_Wd-Y-nLzIx2e", but he will not be able to retrieve a list of groups matching the given criteria (unless of course you maintain at a different path a list of the groups the user can access, which means you would duplicate all public group ids for each user).
A document structure that would better fit Firebase security rules would be:
{
  "publicGroups": {
    "-KEFQ7rTQscPX4hqn6ec" : {
      "createdBy" : "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c",
      "description" : "Test",
      "title" : "T1"
    }
  },
  "privateGroups": {
    "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c": {
      "-KEFQao_Wd-Y-nLzIx2e" : {
        "createdBy" : "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c",
        "description" : "B",
        "title" : "E"
      }
    }
  }
}
Security rules would then be easy to implement:
{
  "rules": {
    "publicGroups": {
      ".read": true
    },
    "privateGroups": {
      "$userId": {
        ".read": "auth.uid === $userId"
      }
    }
  }
}
Hope that helps.
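The read behaviour discussed above, as an added example that is not part of the original question or answer: a simplified JavaScript model (not the Firebase rules engine) in which a read is granted when any ".read" rule between the root and the requested path evaluates to true. The function canRead, the rule-as-function encoding and the group ids g1/g2 are assumptions made for this sketch.

```javascript
// Simplified model of Realtime Database read checks (not the Firebase engine):
// a read is allowed if any ".read" rule on the way from the root down to the
// requested path evaluates to true. Rules are modelled as JS functions.
const UID = "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c"; // creator id from the page

// Constructed sample data; g1/g2 are placeholder group ids.
const db = {
  groups: {
    g1: { createdBy: UID, isPublic: true, title: "T1" },
    g2: { createdBy: UID, isPublic: false, title: "E" },
  },
  publicGroups: { g1: { createdBy: UID, title: "T1" } },
  privateGroups: { [UID]: { g2: { createdBy: UID, title: "E" } } },
};

const isPublic = ({ data }) => data !== null && data.isPublic === true;

// The question's first approach: the parent grant already opens every child.
const firstAttempt = { groups: { ".read": () => true, $id: { ".read": isPublic } } };
// The same per-item rule without the parent grant.
const perItemOnly = { groups: { $id: { ".read": isPublic } } };
// The answer's rules for the split layout.
const splitRules = {
  publicGroups: { ".read": () => true },
  privateGroups: {
    $userId: { ".read": ({ auth, vars }) => auth !== null && auth.uid === vars.$userId },
  },
};

function canRead(rules, path, auth) {
  let rule = rules;
  let data = db;
  const vars = {};
  for (const seg of path.split("/")) {
    const wildcard = Object.keys(rule).find((k) => k.startsWith("$"));
    if (Object.prototype.hasOwnProperty.call(rule, seg)) {
      rule = rule[seg];
    } else if (wildcard) {
      vars[wildcard] = seg; // bind "$id" / "$userId" to the path segment
      rule = rule[wildcard];
    } else {
      return false; // no rule covers this path: denied by default
    }
    data = data !== null && typeof data === "object" ? (data[seg] ?? null) : null;
    if (rule[".read"] && rule[".read"]({ auth, data, vars })) return true;
  }
  return false;
}
```

Pass null as auth for an unauthenticated client and { uid: "..." } for a signed-in one. Comparing canRead(perItemOnly, "groups", null) with canRead(splitRules, "publicGroups", null) shows why the answer moves the public/private distinction into the path.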