Firebase安全规则以读取部分对象 [英] Firebase security rules to read partial objects

问题描述

我不知道如何使用Firebase数据库过滤数据.我读过规则不能用于过滤器.但是那又如何呢?

I can't figure out how to filter data using Firebase database. I've read that rules can't be used for filters. But then how?

我想要一种类似于下面的数据结构.即由特定时间段内不同用户创建的帖子列表(由于无法确定放置位置，因此在下面的布局中不包含user-id)

I'd like a datastructure somewhat like the one below. i.e. a list of posts created by different users due for a specified time (user-id is not included in the layout below as I'm not sure where to put it)

posts: {
  "-LKwbZsfy55d24kwX4t1" : {
      when: {
        from: "2019-01-01 10:00",
        to: "2019-01-01 11:00"
      content: {
        text: "Hello"
      }
  },
  "-LKwbZsfy55d24kwX4t2" : {
      when: {
        from: "2019-01-02 10:00",
        to: "2019-01-02 11:00"
      content: {
        text: "Another hello"
      }
  }
}

我希望每个人都能阅读所有帖子，因此我的同步路径为'/posts'

I would like everyone to be able to read all posts so my sync path is '/posts'

但只有创建帖子的用户才能看到内容".因此，我需要以某种方式说那些帖子具有".read":true，内容具有".read":$ uid == auth.uid(这不可能，因为无法通过子路径撤消访问权限)

BUT only the user that created the post should be able to see the 'content'. So I somehow need to say that posts has ".read" : true, and content has ".read": $uid == auth.uid (which is not possible since access cannot be revoked by a child path)

推荐答案

如果您当前的数据结构使得无法根据需要保护数据，请考虑对其进行重组，以使安全规则成为可能.换句话说，不要将受保护的数据嵌套在公共数据下.将受保护的数据放在其自己的顶级子级中.

If your current data structure makes it impossible to secure the data to your needs, considered restructuring it so that security rules become possible. In other words, don't nest protected data under public data. Put protected data in its own top-level child.

"posts-public": {
    "-LKwbZsfy55d24kwX4t1": {
        // public data here
    }
},
"posts-private": {
    "-LKwbZsfy55d24kwX4t1": {
        // private data here
    }
}

现在，您可以编写安全规则以彼此独立地保护它们.

Now you can write security rules to protect them independently from each other.

这篇关于Firebase安全规则以读取部分对象的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！