Firebase规则,像过滤器一样工作 [英] Firebase rule that works like a filter
问题描述
当在用户节点上使用 .read 的真规则时,我授予访问一些经过验证的用户读取该树上列出的每个用户的权限。我只需要一些。
我需要一些像过滤器一样的规则。因此,在获取用户/路径时,这个经过身份验证的用户将获得仅限的用户数组,这些用户拥有像 $ uid>这样的权限路径。权限> auth.uid = true 。
{
rules:{
Users:{
.read:true,
$ uid:{
.read:(auth!= null&& auth.uid = == $ uid)|| root.child('Users /'+ $ uid +'/ permission /'+ auth.uid).val()== true,
.write:false
$ div class =h2_lin>解决方案
您的外部读取规则
您不能使用规则作为过滤器,它们是您要读取/写入的特定分支的原子。可以访问整个 / Users 分支。删除它并拥有你想要阅读的userId将会得到你所期望的行为。所以,不幸的是,只有在阅读 ref.child(Users)。child(targetUserId).once ... 。
$$ {$ b $$$ {$ b $$$$$ {$ b $ .read:(auth!= null&& auth.uid === $ uid)|| root.child('Users /'+ $ uid +'/ permission /'+ auth.uid).val() == true,
.write:false
}
}
}
}
$ b
如果您希望在一次调用中获得经过身份验证的用户有权访问的用户标识列表,您实际上将可访问的用户保存在 / User / userId 中,而不是可以读取的用户。
{
rules:{
Users:{
$ uid:{
.read:(auth!= null&& auth.uid === $ uid)|| root.child('Users /'+ auth .uid +'/ accessibleUsers /'+ $ uid).val()== true,
.write:false
}
}
}
另外,在缩放时,这可能会变得很复杂,这取决于你为你的应用程序设计的是什么,应该考虑在单独的分支(在用户之外)拥有这个可访问的用户列表。
When using .read with a true rule on the Users node, I give access to some authenticated user read every user listed on that tree. I need just some of then.
I need some rule that works like a filter. So on getting User/ path, this authenticated user will get an users array of only those that have permission path like this $uid > permission > auth.uid = true.
{
"rules": {
"Users" : {
".read": true,
"$uid" : {
".read" : "(auth != null && auth.uid === $uid) || root.child('Users/'+ $uid+'/permission/'+ auth.uid).val() == true",
".write" : false
}
},
}
}
You can't use rules as filters, they are atomic to the specific branch you are trying to read/write.
Your outer read rule is giving access to the whole /Users branch. Removing it and having the userId that you want to read you will get the behavior you are expecting. So, unfortunately this will work only when reading with ref.child("Users").child(targetUserId).once....
{
"rules": {
"Users" : {
"$uid" : {
".read" : "(auth != null && auth.uid === $uid) || root.child('Users/'+ $uid+'/permission/'+ auth.uid).val() == true",
".write" : false
}
}
}
}
If you want to have, in one single call, the list of user ids that the authenticated user has access to I recommend you to actually save the accessible users inside /User/userId instead of having the ones that can read. And your rules will slightly change.
{
"rules": {
"Users" : {
"$uid" : {
".read" : "(auth != null && auth.uid === $uid) || root.child('Users/'+ auth.uid +'/accessibleUsers/'+ $uid).val() == true",
".write" : false
}
}
}
}
Additionally, this can get complex when scaling so, depending on what you plan for you application, you should be thinking of having this accessible users list in a separate branch (outside of Users).
这篇关于Firebase规则,像过滤器一样工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
