How to allow read/write objects only to authenticated user with Firebase?

Question

I am trying to make a simple test of storing note objects in Firebase, with user security rules that ensure the notes can be read and written only by the author.

Here is what the data stored in Firebase looks like:

my_firebase_db
- notes
    - K835Tw_H28XXb-Sj4b
        - text: "note 1 from author 1",
        - user_id: "11b09925-534b-4955-ac55-3e234809432f"
    - K835Tw_H28XXb-Sj4b
        - text: "note 1 from author 2",
        - user_id: "11b09925-534b-4955-ac55-4d223893382c"
    - K835Tw_H28XXb-Sj4b
        - text: "note 2 from author 2",
        - user_id: "11b09925-534b-4955-ac55-4d223893382c"

Angular code (AngularFire) that authenticates the user with a custom token, loads notes, and provides a method to add a note:

var ref = new Firebase("https://xxx.firebaseio.com");
// Authenticate users with a custom authentication token
$firebaseAuth(ref).$authWithCustomToken(data.token).then(function(authData) {
      console.log("Logged in as:", authData.uid);
      $scope.user_id = authData.uid;
}).catch(function(error) {
      console.error("Authentication failed:", error);
});

// Load notes
$scope.notes = $firebaseArray(ref.child('notes'));

$scope.addNote = function() {
  var note = {
      user_id: $scope.user_id,
      text: $scope.newNote.text
  };
  $scope.notes.$add(note);
};

Security & rules setup in Firebase:

{
  "rules": {
    "notes": {
      ".read": "auth != null && data.child('user_id').val() === auth.uid",
      ".write": "auth != null && newData.child('user_id').val() === auth.uid"
    }
  }
}

With these rules, read & write is not allowed.

If I change the rules to this, then read & write are allowed (but authors can read everybody's notes):

{
  "rules": {
    "notes": {
      ".read": "auth != null",
      ".write": "auth != null"
    }
  }
}

How can I write a security rule in Firebase that will allow the authenticated user to read & write their own notes?

Recommended answer

It turns out the answer is here: Rules are not filters
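The "rules are not filters" point, as an added example that is not part of the original question or answer: a simplified JavaScript model of read authorization showing why the question's rule at `/notes` denies every read, and how a per-user layout makes the ownership check enforceable. The `canRead` helper, the `/notes/$uid/$note_id` layout, and all sample data are assumptions made for illustration; the rule strings in comments use the Realtime Database rule syntax.

```javascript
// Simplified model (an assumption, not Firebase's implementation) of how a read
// is authorized: every ".read" rule on the path from the root down to the
// requested location is evaluated, and the read is granted if any one is true.
// Rules below the requested location are never consulted, so they cannot filter.
function canRead(rules, db, auth, path) {
  let rule = rules, data = db;
  const vars = {}; // values captured by $wildcard path segments
  const granted = () =>
    typeof rule[".read"] === "function" && rule[".read"](auth, data, vars);
  if (granted()) return true;
  for (const key of path.split("/").filter(Boolean)) {
    const wildcard = Object.keys(rule).find((k) => k.startsWith("$"));
    if (Object.keys(rule).includes(key)) rule = rule[key];
    else if (wildcard) { vars[wildcard] = key; rule = rule[wildcard]; }
    else return false; // no rule covers this path: denied by default
    data = data == null ? null : (data[key] ?? null);
    if (granted()) return true;
  }
  return false;
}

// The question's rule. Real syntax:
//   "notes": { ".read": "auth != null && data.child('user_id').val() === auth.uid" }
// At /notes, `data` is the whole list, which has no user_id child.
const questionRules = {
  notes: { ".read": (auth, data) => auth != null && data?.user_id === auth.uid },
};
// Constructed sample data in the question's flat layout.
const flatDb = { notes: { k1: { text: "note 1", user_id: "author-1" } } };

// Assumed restructuring: /notes/$uid/$note_id. Real syntax:
//   "notes": { "$uid": { ".read": "auth != null && auth.uid === $uid" } }
const perUserRules = {
  notes: { $uid: { ".read": (auth, _d, v) => auth != null && auth.uid === v.$uid } },
};
// Constructed sample data in the per-user layout.
const perUserDb = {
  notes: { "author-1": { k1: { text: "note 1" } }, "author-2": { k2: { text: "note 2" } } },
};

const me = { uid: "author-1" }; // constructed auth payload
console.log(canRead(questionRules, flatDb, me, "/notes"));             // false
console.log(canRead(perUserRules, perUserDb, me, "/notes/author-1")); // true
console.log(canRead(perUserRules, perUserDb, me, "/notes/author-2")); // false
```

With the per-user layout the client would load `ref.child('notes').child(authData.uid)` after authentication completes, instead of `ref.child('notes')`.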
