FireBase - 如何列出用户特定的数据? [英] FireBase - how to list user-specific data?

问题描述

目前我一直在看FireBase，一直在用AngularJS插件，发现了下面这个问题，我解决不了.

Currently I've been looking at FireBase, and have been using the AngularJS plugin, and have found the following problem I cannot get out of.

我目前已经实现了简单的登录系统.注册后用我的邮箱和密码登录，我创建了一个这样的帖子:

I currently have implemented the simple login system. Logged in with my mail and password after registering, I create a post like this:

post = {
 name: "Hi",
 message: "Guys",
 user_id: Auth.user.id // for my current user this is 1
}
posts.$add(post)

从现在开始一切都很好.现在我想做的是在 firebase 上的帖子/端点中，我只想显示当前登录用户的帖子.

From this point on everything is fine. Now what I wanted to do is that in the posts/ endpoint on firebase, I want only to display the posts of the user currently logged in.

其他用户可能可以通过拥有一个公共布尔变量来阅读其他人的帖子(但这是以后的事)

Other users may be able to read posts of others by having a public boolean variable (but that's for later)

我一直在研究 Firebase 的安全 API(请参阅:https://www.firebase.com/docs/security/security-rules.html)目前我有这个:

I've been looking at the security API of Firebase (see: https://www.firebase.com/docs/security/security-rules.html) Currently I have this:

{
    "rules": {
        "posts": {
            "$post": {
              ".read": "data.child('user_id').val() == auth.id",
              ".write": "(data.child('user_id').val() == auth.id) || (newData.child('user_id').val() == auth.id)"
            }
        }   
    }
}

它在一定程度上有效，我只有登录才能写帖子，但我看不到任何帖子！

It works to a certain extend, I can write posts only if I'm logged in, but I cannot read any posts!

posts = new Firebase(base + '/posts')
posts = $firebase(posts)

错误是:FIREBASE WARNING: on() or once() for/posts failed: Error: permission_denied: 客户端没有访问所需数据的权限.

The error is: FIREBASE WARNING: on() or once() for /posts failed: Error: permission_denied: Client doesn't have permission to access the desired data.

如果有人有解决方案，那就太棒了！

If anyone has a solution then that would be awesome!

推荐答案

安全规则不能用作数据过滤器.您不能只读取整个帖子路径并期望只检索您允许查看的记录.相反，您需要以一种可以读取整个路径的方式构建数据，或者存储可查看记录的索引并单独获取它们.

Security rules cannot be used as data filters. You can't just read the entire posts path and expect to only retrieve the records you're allowed to see. Instead, you need to architect your data in a manner that you can read the whole path, or store an index of which records are viewable and fetch them separately.

例如，按组ID或按用户ID存储记录:

For example, store the records by group ids or by user ids:

/posts/$group/data...
/posts/$user/data...

然后您可以通过将用户分配到适当的组并简单地获取这些组的消息来确保您的用户具有权限:

And then you can ensure your users have permissions by assigning them to appropriate groups, and simply fetching the messages for those groups:

var ref = new Firebase(base + '/posts/' + GROUP_ID);
var posts = $firebaseArray(ref);

或者您可以创建每个用户/组/等可以查看的消息索引:

Or you can create an index of messages each user/group/etc may view:

/posts/$post_id/data...
/posts_i_can_view/$user_id/$post_id/true

并从主列表中单独获取它们.像 Firebase-util 这样的工具会让这件事变得更简单:

And fetch them individually from the master list. A tool like Firebase-util will make this much simpler:

var fb = new Firebase(base);
var ref = Firebase.util.NormalizedCollection(
   fb.child('posts_i_can_view/'+USER_ID),
   fb.child('posts')
)
.select('posts.message', 'posts.user_id')
.ref();

var posts = $firebaseArray(ref);

进一步阅读 Firebase 数据结构:

Further reading on Firebase data structures:

https://www.firebase.com/docs/web/指南/structuring-data.htmlhttps://www.firebase.com/docs/web/guide/understanding-data.htmlhttps://www.firebase.com/blog/2013-04-12-denormalizing-is-normal.html

这篇关于FireBase - 如何列出用户特定的数据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！