如何使用Firebase规则检查用户组数组和记录组数组是否相交 [英] How to use firebase rule to check is user group array and record group array intersect
问题描述
我在firebase中有一个记录列表,该记录上有一个group属性,其中包含零个或多个组.我还拥有firebase auth对象,该对象上也将具有零个或多个组.我想为我的记录设置一个.read firebase规则,该规则将检查两者是否至少有一个存在于两个列表中的组.
I have a list of records in firebase which will have a group property with zero or more groups on it. I also have the firebase auth object which will also have zero or more groups on it as well. I would like to set up a .read firebase rule for my records that will check if the two have at lease one group that exists in both lists.
换一种说法,我有一个用户,该用户具有已分配给它的一组组的数组.我有一些记录,在它们上也有一些组列表,这些列表指定用户必须具有哪些组才能访问它们.如果登录的用户尝试访问该记录,我想确保该用户至少具有该记录所需的一组.
Put another way I have a user that has an array of groups that have been assigned to it. I have some records that also has some list of groups on them that specify what groups the user must have to access them. If the logged in user tries to access the record, I want to make sure that the user has at least one group that the record requires.
在客户端上,我会做类似_.intersect(userGroups, recordGroups).length > 0
On the client I would do something like _.intersect(userGroups, recordGroups).length > 0
我不确定如何在firebase规则表达式中执行此操作.如果它能像这样工作,那就太好了.
I'm not sure how I would do this in a firebase rule expression. It would be cool if it worked something like this.
记录:
{
someData: "test"
groups: ['foo', 'bar']
}
Firebase身份验证对象:
Firebase Auth Object:
{
userName: "Bob",
groups: ['foo', 'bar']
}
规则数据:
{
"rules": {
"records": {
"$recordId": {
".read": "data.child('groups').intersectsWith(auth.groups)"
}
}
}
}
谢谢.
更新:
我认为,如果hasChildren()使用了||代替&&我可以将组名放在他们的关键位置,然后以这种方式检查它们的存在.类似于"data.child('groups').hasChildren(auth.groups, 'or')"
Update:
I think that if hasChildren() used || instead of && I could put the group names in they key position and check for their existence this way. Something like "data.child('groups').hasChildren(auth.groups, 'or')"
记录位置:
{
someData: "test"
groups: {
'foo': '',
'bar': ''
}
}
Update2: 根据加藤的评论&链接我意识到,即使hasChildren可以做到,还是无法正常工作.对单个记录的请求可以工作,但是如果当前用户无权访问所有记录,则对所有记录的请求都会出错.
Update2: Based off Kato's comment & link I realize that even if hasChildren could do OR it still wouldn't work quite right. Requests for individual records would work but requests for all records would error if the current user didn't have access to every record.
目前尚不清楚您将如何构造数据来完成这项工作.如果一条记录可以属于多个组,那么它将如何工作?这是一种非常常见的情况(基本上是linux组权限的工作方式),所以我不能成为唯一尝试这样做的人.有人对在Firebase中如何实现此目标有任何想法/示例吗?
It is still not clear how you would structure data to make this work. If a record could belong to many groups how would that work? This is a very common scenario(basically how linux group permissions work) so I can't be the only one trying to do this. Anyone have any ideas/examples of how to accomplish this in firebase?
推荐答案
目前,我认为这是不可能的.此处列出了数量有限的变量,方法和运算符:
At the current moment, I believe it's impossible. There's a limited number of variables, methods, and operators allowed, listed here:
由于规则中不允许使用函数定义,因此您无法做任何花哨的事情,例如在数组上调用array.some(callback)自己进行匹配.
Since function definitions are not allowed in the rules, you can't do anything fancy like call array.some(callback) on an array to do the matching yourself.
您知道三个选项:
1)复制数据,因此您无需进行检查.这就是我在项目中所做的事情:我希望一些用户数据(名称)可供在其网络列表中共享网络的用户使用.本来我想检查两个成员的网络列表,以查看是否至少有一个匹配项.最终,我意识到将每个用户的名称保存为网络数据的一部分会更容易,因此不必查找需要这种奇怪权限的用户.我对您的数据了解不足,无法提出您需要复制的内容.
1) Copy data so you don't need to do the check. This is what I did in my project: I wanted some user data (names) available to users that shared a network in their network lists. Originally I wanted to check both member's network lists to see if there was at least one match. Eventually I realized it would be easier to just save each user's name as part of the network data so there wouldn't have to be a user look up requiring this odd permissions. I don't know enough about your data to suggest what you need to copy.
2)使用字符串而不是数组.您可以将一个字符串转换为正则表达式(或仅将其保存为正则表达式格式),然后使用它在另一字符串中搜索匹配项. Firebase数据库正则表达式文档
2) Use strings instead of arrays. You can turn one string into a regex (or just save it in regex format) and use it to search the other string for a match.Firebase DB Regex Docs
3)如果您有足够的此类奇怪情况,请实际运行以自定义方式验证请求的服务器.在数据库中,只需允许对服务器的权限即可.您可以使用 Firebase Cloud Functions 或滚动使用
3) If you have enough weird cases like this, actually run a server that validates the request in a custom fashion. In the DB, just allow permissions to your server. You could use Firebase Cloud Functions or roll your own server that uses the Firebase Admin SDK
这篇关于如何使用Firebase规则检查用户组数组和记录组数组是否相交的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
