只有子.write规则[Firebase] [英] Only has children .write rule [Firebase]
问题描述
给出以下规则:
{
"rules": {
"users": {
"$uid": {
"name":{
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid"
}
}
}
}
}
Firebase中是否有一种方法可以限制可以写入对象的子级?
Is there a way in Firebase to limit the children that can be written to an object?
例如,我想限制客户端仅使用一个属性来编写该对象:
For example I would like to limit the client to writing this object with only one attribute:
name {
"value": "value"
}
我知道有.validate
和hasChildren()
,但这不会阻止用户合法地在$ uid下写入具有不想要的属性的对象.
I know there is .validate
and hasChildren()
but it doesn't prevent a user to legally write an object under $uid with undesired attributes.
没有什么可以阻止客户端编写如下对象:
Nothing is preventing the client from writing an object as follows:
name {
"value":"value",
"unwantedAttribute":"wastingSpace"
}
与hasThoseChildrenOnly()
是否等效?
推荐答案
.write
规则确定谁可以将数据写入位置,而不是什么写.
A .write
rule determines who can write data to a location, not what data they can write.
要确定所写数据的结构,您需要一个.validate
规则.在这种情况下,您可以说name
是必需的,并且必须是带有以下内容的字符串:
To determine the structure of the data written, you'll need a .validate
rule. In this case you can say that a name
is required and must be a string with:
{
".validate": "newData.hasChild('name')",
"name": {
".validate": "newData.isString()"
},
"$other": {
".validate": false
}
}
顶层验证可确保新数据必须始终具有name
属性.没有此功能,您可以删除name
,因为删除数据不会触发验证.
The validate on the top-level ensures that new data must always have a name
property. Without this, you can delete the name
, because deleting data does not trigger validation.
第二个验证可确保name
是字符串.
The second validate ensures that name
is a string.
第三次验证可确保除name
以外的任何子项都将被拒绝.
The third validation ensures that any child but name
will be rejected.
这篇关于只有子.write规则[Firebase]的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!