如何设置这个Firebase规则? [英] How to set this Firebase rules?
问题描述
我有这样的结构:
p> 。
I am stuck on how to solve the security for my app here.
I have this structure:
Users shouldn't be able to write to points, but able to write to nickname. Is this possible?
I tried this rule but it doesn't work
"Users" :{
"$user_id" :{
"Points" :{
".read" : true,
".write" : false
},
"nickname" :{
".read": true,
".write": "$user_id==auth.uid"
}
UPDATE
Splitting the data to two node is a solution to one part of the problem, leaving the other part of the problem which is writing the nickname. Writing the nickname should only be possible by the user whom the nickname belong to, but in my code, I am asking the user to put email, pass and nickname. When the user is registring, the auth.uid is not available yet, I considered registering the user under temporary name and they change it later after they log in, but I am looking for a shorter solution where they get to pick the name when registering
This is my bit of code when they register:
Ref.createUser(email, pass,
new Firebase.ValueResultHandler<Map<String, Object>>() {
@Override
public void onSuccess(Map<String, Object> result) {
Ref2 = new Firebase(firebase_users_path + result.get("uid").toString());
HashMap<String, String> names = new HashMap<String, String>();
names.put("nickname", nickname);
Ref2.setValue(names, new Firebase.CompletionListener() {
@Override
public void onComplete(FirebaseError firebaseError, Firebase firebase) {
if (firebaseError != null) {
Toast.makeText(MainActivity.this, "Done!", Toast.LENGTH_SHORT).show();
} else {
Toast.makeText(MainActivity.this, "Error!", Toast.LENGTH_SHORT).show();
}
}
});
My code is returning Done! indicating registering is complete, I do find a new user but the nickname doesn't get written in users/uid because the auth.uid is not available yet
A broad guess (since the code that fails is missing) is that you're trying to write a user record:
ref.child('Users').child(auth.uid).set({ 'nickname': 'masood' });
This operation will fail, since the user doesn't have write access to the user node.
For this reason (and quite some others) it's better to split the data into separate nodes that the user has different access types to. In your case:
User_names
0a88b...
nickname: "First_user"
User_scores
0a88b...
Points: 35
Now you can secure it easily and one level higher:
"User_names" :{
"$user_id" :{
"nickname" :{
".read": true,
".write": "$user_id==auth.uid"
}
}
},
"User_points" :{
"$user_id" :{
"Points" :{
".read" : true,
".write" : false
}
}
}
You might even want to pull the .read up to a higher level, so that anyone can list user names and scores:
"User_names" :{
".read": true,
"$user_id" :{
"nickname" :{
".write": "$user_id==auth.uid"
}
}
},
"User_points" :{
".read" : true,
"$user_id" :{
"Points" :{
".write" : false
}
}
}
There's a pretty good section in the Firebase docs on how rules cannot be used to filter data.
这篇关于如何设置这个Firebase规则?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
