Firebase:如何构建公共/私人用户数据 [英] Firebase: How to structure public/private user data

问题描述

当然，我的数据库中的用户拥有可以公开访问的信息，而其他信息只有他们应该看到.我正在考虑两种不同的实现方式.

Naturally the users in my database have information that can be publicly accessible and other information only they should see. I'm considering two different ways to implement this.

选项 1: 让 /users/$uid 只能被该用户读取，并且让 /users/$uid/profile 被该用户读取任何人.

Option 1: Have /users/$uid readable only by that user and have /users/$uid/profile be readable by anyone.

选项 2: 保持 /users/$uid 只有该用户可读，并且有一个公开的 /profiles/$uid.这遵循了对扁平化数据结构的建议，但我不认为在这种情况下它会更好.

Option 2: Keep /users/$uid readable only by that user and have a /profiles/$uid that is public. This follows the recommendation for a flatter data structure, but I don't see how it is better in this case.

推荐答案

了解扁平"结构为何更好的最简单方法是查看如何保护它以及如何实现功能.

The easiest way to see why the "flatter" structure is better is to look at how you'd secure it and how you'd then implement functionality.

你的第一个结构是:

users: {
  uidOfJacob: {
    stackId: 884522,
    ssn: "999-99-9999",
    profile: {
      displayName: "Jacob Philips"
    }

  },
  uidOfPuf: {
    stackId: 209103,
    ssn: "999-99-9999",
    profile: {
      displayName: "Frank van Puffelen"
    }
  }
}

您可以通过以下方式保护它:

You'd secure it with:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth.uid == $uid",
        ".write": "auth.uid == $uid"
        "profile": {
          ".read": true
        }
      }
    }
  }
}

拥有公开信息的主要原因之一是能够显示该信息的列表.在 JavaScript 中:

One of the main reasons for having public information is to be able to show a list of that information. In JavaScript:

ref.child('users').child(???).child('profile').on('child_added'...

这行不通，因为我们在 ??? 中放了什么.Firebase 操作需要能够从一个位置读取整个列表，并且用户需要对整个位置(不仅仅是单个子节点)具有读取权限.

This won't work, because what do we put in ???. Firebase operations need to be able to read the entire list from one location, and the user needs to have read permission on that entire location (not just to the individual child nodes).

如果我们构造数据以将公共信息与私人信息分开，我们得到:

If we structure the data to separate the public information from the private information, we get:

users: {
  uidOfJacob: {
    stackId: 884522,
    ssn: "999-99-9999",
    profile: {
      displayName: "Jacob Philips"
    }

  },
  uidOfPuf: {
    stackId: 209103,
    ssn: "999-99-9999",
    profile: {
      displayName: "Frank van Puffelen"
    }
  }
},
"profile": {
  uidOfJacob: {
    displayName: "Jacob Philips"
  },
  uidOfPuf: {
    displayName: "Frank van Puffelen"
  }
}

您可以通过以下方式保护它:

You'd secure it with:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth.uid == $uid",
        ".write": "auth.uid == $uid"
      }
    },
    "profiles": {
      ".read": true,
      "$uid": {
        ".write": "auth.uid == $uid"
      }
    }
  }
}

不要获取公共用户个人资料的列表，您可以这样做:

Not to get a list of the public user profiles, you'd do:

ref.child('profiles').on('child_added'...

这会奏效，因为每个人都对 profiles 拥有读取权限.

This will work, because everyone has read permission on profiles.

这篇关于Firebase:如何构建公共/私人用户数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！