从Firebase中删除数据后，为什么不运行.validate安全规则? [英] Why don't .validate security rules get run when data is removed from Firebase?

问题描述

从Firebase删除数据时，似乎没有执行我的.validate规则.这是错误还是故意行为?

My .validate rules don't seem to get executed when I'm deleting data from Firebase. Is this a bug or intentional behavior?

推荐答案

通常，.validate规则用于定义数据(如果存在)的外观.它们有意在以下情况下不运行数据被删除.您应该改用.write规则来决定是否应允许写入(或删除).

In general, .validate rules are used to define what the data should look like if it exists. They are intentionally not run when the data is deleted. You should instead use .write rules to make decisions about whether the write (or delete) should be allowed.

例如，请考虑以下规则，以确保一个简单的聊天室的安全:用户可以在其中创建新的聊天室，但只能删除其所有者的聊天室:

For example, consider these rules for securing a simple chat room, where users can create new chat rooms but only delete ones for which they are the owner:

{
  "rules": {
    ".read": true,
    "$room": {
      ".write": "auth != null && (
                   (!data.exists() && newData.child('owner').val() == auth.uid) ||
                   (!newData.exists() && data.child('owner').val() == auth.uid))",
      ".validate": "newData.hasChildren(['owner', 'name'])",
      "name": {
        ".validate": "newData.val().length > 10"
      },
      "messages": {
        ".write": "auth != null"
      }
    }
  }
}

.write规则用于确定用户是否具有创建/删除聊天室的权限，.validate规则用于定义聊天室的外观(如果存在).

The .write rule is used to decide if a user has permission to create / remove a chat room, and the .validate rules are used to define what a chat room should look like if it exists.

如果.validate规则是在删除上运行的，则您将永远无法删除聊天室(因为两个.validate规则都会失败).因此，决定不对删除运行.validate规则.

If the .validate rules were run on deletes, you could never delete a chat room (since both .validate rules would fail). Hence the decision not to run .validate rules on deletes.

这篇关于从Firebase中删除数据后，为什么不运行.validate安全规则?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！