Firebase数据库规则适用于组 [英] Firebase Database Rules for groups
问题描述
我有这个Firebase DB可以在必要时进行更改:
该DB的JSON为:
{
groups:{
1:{
name:G1,
points:{
1:{
name:p1
visits:{
1:{
name:v1
}
},
areas:{
1:{
name:a1
}
},
waypoints:{
1:{
name:w1
}
},
interest:{
1:{
name:i1
}
}
},
2:{
name:G2,
points:{
2:{
name:p2
$ b访问:{
2:{
name:v2
}
},
地区:{
2:{
name:a2
}
},
航点:{
2:{
name:w2
}
},
interest:{
2:{
name:i2
}
}
}
},
users:{
qdRw1khg1ZO1s52YioYCdM4WrD02:{
firstName:AAAA,
lastName:BBB,
email:sdf@sdfs.com
},
h3KYDXkPQrY246w6Y6NXIanVoNS2: {
firstName:FF,
lastName:RR,
email:wwf@jjuzhz.com
}
} ,
userGroups:{
qdRw1khg1ZO1s52YioYCdM4WrD02:{
1:admin,
2:readwrite
},
h3KYDXkPQrY246w6Y6NXIanVoNS2:{
1:admin,
2:readonly
}
}
}
我想定义规则来完成以下任务:
- 每个人都可以创建一个新组
- 只有组的用户可以读取组数据
- 只有组的管理员可以写数据给组本身,添加用户和更改组数据的子级别,但
- readwrite组用户可以写入子级别points和visits
- readonly组用户不能写在所有
我有:
groups:{
$ groupId:{
.read:root.child('userGroups')。child (auth.uid).child($ groupId).exists(),
.write:! root.child('userGroups')。child(auth.uid).child($ groupId).exists()||
(data.parent().val()==='points'&& root.child('userGroups')。child(auth.uid).child($ groupId).val()! ='只读')||
(data.parent().val()==='visits'&& root.child('userGroups')。child(auth.uid).child($ groupId).val()= =='只读')||
(data.parent().val()!='points'&& data.parent().val()!='visits'&& root.child('userGroups')。 child(auth.uid).child($ groupId).val()==='admin')
}
},
users:{
$ userId:{
.read:auth!= null,
.write:auth!= null&&
$ userId === auth.uid&&
newData.val()!= null
},
userGroups:{
$ userId:{
.read :auth!= null,
.write:auth!= null&&
data.child(auth.uid).val()==='admin'&&
newData.val()!= null
}
<但是,这是行不通的
data.parent()。val()
不会返回父级的名称字符串,所以我不能这样做
data.parent()。val()!='points'
如何解决这个问题?根据指定的规则写数据到组。
Firebaser在这里。
我的第一步是将特定子节点的规则移动到特定的子节点。删除你一直存在的 parent()
问题,第一次迭代是:
$ b $ pre $ .read:root.child('userGroups')。child(auth.uid).child($ groupId)。 exists(),
points:{
.write:
}
$ b $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $' b
这允许用户 下一步是使规则更通用。为此,我介绍一个 这允许用户 更新:显然我颠倒了上面的逻辑,所以这里是我的最后一个要求: 使用此用户 I have this Firebase DB which could be changed if necessary: The JSON of that DB is: I want to define rules to accomplish the following: I have: But that does not work since does not return the parent's name string. So I can't do How to solve this? The problem is writing data to groups according to the rules specified. Firebaser here. Expect this answer to be updated as I go along. My first step is to move the rules for the specific child nodes into that specific child node. That removes the This allows user A next step is to make the rule more generic. To do this I introduce a This allows user Update: apparently I inverted your logic above, so here's my final take: With this user 这篇关于Firebase数据库规则适用于组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! h3KYDXkPQrY246w6Y6NXIanVoNS2
写入 / groups / 1 / points
(其中用户是管理员),但不是
$ child
变量,该变量匹配组下的任何节点:
< codegroups:{
$ groupId:{$ b $.read:root.child('userGroups')。child(auth.uid).child($ groupId ).exists(),
$ child:{
.write:root.child('userGroups')。child(auth.uid).child($ groupId).val ()!=='readonly'
||($ child!=='points'&& $ child!=='visits')
h3KYDXkPQrY246w6Y6NXIanVoNS2
写入 / groups / 2 / name
(可由任何组成员写入),但不能写入 / groups / 2 / points
用户只能只读访问)。
groups:{
$ groupId:{
.read:root.child('userGroups ).child(auth.uid).child($ groupId).exists(),
.write:root.child('userGroups')。child(auth.uid).child($ groupId ).val()=='admin',
$ child:{
.write:root.child('userGroups')。child(auth.uid).child $ groupId).val()==='readwrite'
&& ($ child!=='points'|| $ child!=='visits')
}
}
h3KYDXkPQrY246w6Y6NXIanVoNS2
:
/ groups / 1 / name
,因为它们是第1组的管理员
/ groups / 2 / points
,因为它们是第1组的管理员
/ groups / 2 / name
,因为他们不是第2组的管理员
/ groups / 2 / points
,因为它们是第2组的读写成员
{
"groups": {
"1": {
"name": "G1",
"points": {
"1": {
"name": "p1"
}
},
"visits": {
"1": {
"name": "v1"
}
},
"areas": {
"1": {
"name": "a1"
}
},
"waypoints": {
"1": {
"name": "w1"
}
},
"interests": {
"1": {
"name": "i1"
}
}
},
"2": {
"name": "G2",
"points": {
"2": {
"name": "p2"
}
},
"visits": {
"2": {
"name": "v2"
}
},
"areas": {
"2": {
"name": "a2"
}
},
"waypoints": {
"2": {
"name": "w2"
}
},
"interests": {
"2": {
"name": "i2"
}
}
}
},
"users": {
"qdRw1khg1ZO1s52YioYCdM4WrD02": {
"firstName": "AAAA",
"lastName": "BBB",
"email": "sdf@sdfs.com"
},
"h3KYDXkPQrY246w6Y6NXIanVoNS2": {
"firstName": "FF",
"lastName": "RR",
"email": "wwf@jjuzhz.com"
}
},
"userGroups": {
"qdRw1khg1ZO1s52YioYCdM4WrD02": {
"1": "admin",
"2": "readwrite"
},
"h3KYDXkPQrY246w6Y6NXIanVoNS2": {
"1": "admin",
"2": "readonly"
}
}
}
"groups": {
"$groupId": {
".read": "root.child('userGroups').child(auth.uid).child($groupId).exists()",
".write": "! root.child('userGroups').child(auth.uid).child($groupId).exists() ||
(data.parent().val() === 'points' && root.child('userGroups').child(auth.uid).child($groupId).val() != 'readonly') ||
(data.parent().val() === 'visits' && root.child('userGroups').child(auth.uid).child($groupId).val() === 'readonly') ||
(data.parent().val() != 'points' && data.parent().val() != 'visits' && root.child('userGroups').child(auth.uid).child($groupId).val() === 'admin')"
}
},
"users": {
"$userId": {
".read": "auth != null",
".write": "auth != null &&
$userId === auth.uid &&
newData.val() != null"
}
},
"userGroups": {
"$userId": {
".read": "auth != null",
".write": "auth != null &&
data.child(auth.uid).val() === 'admin' &&
newData.val() != null"
}
}
data.parent().val()
data.parent().val() != 'points'
parent()
problem you've been having. First iteration is: "groups": {
"$groupId": {
".read": "root.child('userGroups').child(auth.uid).child($groupId).exists()",
"points": {
".write": "root.child('userGroups').child(auth.uid).child($groupId).val() !== 'readonly'"
}
}
},
h3KYDXkPQrY246w6Y6NXIanVoNS2
to write to /groups/1/points
(of which the user is an admin), but not to /groups/2/points
(to which the user only has readonly access).$child
variable, which matches any node under the group: "groups": {
"$groupId": {
".read": "root.child('userGroups').child(auth.uid).child($groupId).exists()",
"$child": {
".write": "root.child('userGroups').child(auth.uid).child($groupId).val() !== 'readonly'
|| ($child !== 'points' && $child !== 'visits')"
}
}
h3KYDXkPQrY246w6Y6NXIanVoNS2
to write to /groups/2/name
(which is writeable by any group member), but not to /groups/2/points
(to which the user only has readonly access). "groups": {
"$groupId": {
".read": "root.child('userGroups').child(auth.uid).child($groupId).exists()",
".write": "root.child('userGroups').child(auth.uid).child($groupId).val() == 'admin'",
"$child": {
".write": "root.child('userGroups').child(auth.uid).child($groupId).val() === 'readwrite'
&& ($child !== 'points' || $child !== 'visits')"
}
}
h3KYDXkPQrY246w6Y6NXIanVoNS2
:
/groups/1/name
because they're admin of group 1/groups/2/points
because they're admin of group 1/groups/2/name
because they're not an admin of group 2/groups/2/points
because they're a readwrite member of group 2