火力 - 如何列出用户特定数据? [英] FireBase - how to list user-specific data?
问题描述
目前我一直在看火力点,并一直在使用AngularJS的插件,并已发现以下问题,我不能离开。
Currently I've been looking at FireBase, and have been using the AngularJS plugin, and have found the following problem I cannot get out of.
我目前已经实现了简单的登录系统。
注册后,我的邮箱和密码登录,创建一个帖子是这样的:
I currently have implemented the simple login system. Logged in with my mail and password after registering, I create a post like this:
post = {
name: "Hi",
message: "Guys",
user_id: Auth.user.id // for my current user this is 1
}
posts.$add(post)
这一切这一点是好的。
现在我想要做的是,在职位/上火力终点,我想只显示当前登录的用户的帖子。
From this point on everything is fine. Now what I wanted to do is that in the posts/ endpoint on firebase, I want only to display the posts of the user currently logged in.
其他用户可以通过建立公开的布尔变量来读别人的帖子(不过那是以后)
Other users may be able to read posts of others by having a public boolean variable (but that's for later)
我一直在看火力地堡(见的安全API:<一href=\"https://www.firebase.com/docs/security/security-rules.html\">https://www.firebase.com/docs/security/security-rules.html)
目前,我有这样的:
I've been looking at the security API of Firebase (see: https://www.firebase.com/docs/security/security-rules.html) Currently I have this:
{
"rules": {
"posts": {
"$post": {
".read": "data.child('user_id').val() == auth.id",
".write": "(data.child('user_id').val() == auth.id) || (newData.child('user_id').val() == auth.id)"
}
}
}
}
它的工作原理,以在一定程度上,我可以写帖子只是如果我登录,但我不能阅读任何文章!
It works to a certain extend, I can write posts only if I'm logged in, but I cannot read any posts!
posts = new Firebase(base + '/posts')
posts = $firebase(posts)
错误是:火力警告:在()或一次()用于/职位失败:错误:PERMISSION_DENIED:客户端没有权限来访问所需的数据。
The error is: FIREBASE WARNING: on() or once() for /posts failed: Error: permission_denied: Client doesn't have permission to access the desired data.
如果任何人有一个解决方案,那么这将是真棒!
If anyone has a solution then that would be awesome!
推荐答案
安全规则不能被用作数据过滤器。你不能只是读取整个帖子的路径,并期望只检索你被允许看到的记录。相反,你需要建筑师数据的方式,你可以阅读的完整路径,或存储索引,其中记录是可见的,并分别获取它们。
Security rules cannot be used as data filters. You can't just read the entire posts path and expect to only retrieve the records you're allowed to see. Instead, you need to architect your data in a manner that you can read the whole path, or store an index of which records are viewable and fetch them separately.
例如,由组ID或用户ID存储记录:
For example, store the records by group ids or by user ids:
/posts/$group/data...
/posts/$user/data...
然后你就可以确保您的用户有权通过其分配给适当的组,并简单地获取这些消息对于那些群体:
And then you can ensure your users have permissions by assigning them to appropriate groups, and simply fetching the messages for those groups:
var ref = new Firebase(base + '/posts/' + GROUP_ID);
var posts = $firebaseArray(ref);
也可以创建信息的索引每个用户/组/等,可以查看:
Or you can create an index of messages each user/group/etc may view:
/posts/$post_id/data...
/posts_i_can_view/$user_id/$post_id/true
和从主列表中逐个获取它们。如
And fetch them individually from the master list. A tool like Firebase-util will make this much simpler:
var fb = new Firebase(base);
var ref = Firebase.util.NormalizedCollection(
fb.child('posts_i_can_view/'+USER_ID),
fb.child('posts')
)
.select('posts.message', 'posts.user_id')
.ref();
var posts = $firebaseArray(ref);
进一步阅读火力地堡数据结构:
Further reading on Firebase data structures:
<一个href=\"https://www.firebase.com/docs/web/guide/structuring-data.html\">https://www.firebase.com/docs/web/guide/structuring-data.html
<一href=\"https://www.firebase.com/docs/web/guide/understanding-data.html\">https://www.firebase.com/docs/web/guide/understanding-data.html
<一href=\"https://www.firebase.com/blog/2013-04-12-denormalizing-is-normal.html\">https://www.firebase.com/blog/2013-04-12-denormalizing-is-normal.html
这篇关于火力 - 如何列出用户特定数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
