只有子.write规则[Firebase] [英] Only has children .write rule [Firebase]

问题描述

给出以下规则:

   {
    "rules": {
        "users": {
           "$uid": {
              "name":{
                ".read": "auth != null && auth.uid == $uid",
                ".write": "auth != null && auth.uid == $uid"
              }
           }
        }
      }
    }

Firebase中是否有一种方法可以限制可以写入对象的子级?

Is there a way in Firebase to limit the children that can be written to an object?

例如，我想限制客户端仅使用一个属性来编写该对象:

For example I would like to limit the client to writing this object with only one attribute:

name {
  "value": "value"
}

我知道有.validate和hasChildren()，但这不会阻止用户合法地在$ uid下写入具有不想要的属性的对象.

I know there is .validate and hasChildren() but it doesn't prevent a user to legally write an object under $uid with undesired attributes.

没有什么可以阻止客户端编写如下对象:

Nothing is preventing the client from writing an object as follows:

name {
  "value":"value",
  "unwantedAttribute":"wastingSpace"
}

与hasThoseChildrenOnly()是否等效?

推荐答案

.write规则确定谁可以将数据写入位置，而不是什么写.

A .write rule determines who can write data to a location, not what data they can write.

要确定所写数据的结构，您需要一个.validate规则.在这种情况下，您可以说name是必需的，并且必须是带有以下内容的字符串:

To determine the structure of the data written, you'll need a .validate rule. In this case you can say that a name is required and must be a string with:

{
  ".validate": "newData.hasChild('name')",
  "name": {
    ".validate": "newData.isString()"
  },
  "$other": {
    ".validate": false
  }
}

顶层验证可确保新数据必须始终具有name属性.没有此功能，您可以删除name，因为删除数据不会触发验证.

The validate on the top-level ensures that new data must always have a name property. Without this, you can delete the name, because deleting data does not trigger validation.

第二个验证可确保name是字符串.

The second validate ensures that name is a string.

第三次验证可确保除name以外的任何子项都将被拒绝.

The third validation ensures that any child but name will be rejected.

这篇关于只有子.write规则[Firebase]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！