Firebase:允许读取属性名称,但不读取内容 [英] Firebase: Allow Read of property names, but not content
问题描述
什么是正确的数据库规则,以允许任何人读取属性名称,但阻止没有auth的人读取值的内容.这是一个订单系统,在此系统中,我会在设置属性值之前检查是否存在相同的ID.还是我可以做到这一点的另一种方法?谢谢.
What would be the correct database rules to allow anybody to read the property names, but prevent people without auth to read the content of the values. This is an order system, where I check if there are the same IDs before setting a property value. Or is there another way I can do this? Thank you.
这是我到目前为止所想的.
Here is what I have figured out so far.
{
"rules": {
"orders": {
".read": true,
".write": true,
}
}
}
推荐答案
在Firebase数据库安全模型中,您可以访问整个节点,也可以不访问它.您不能授予用户访问集合中每个节点的子集的权限.请参阅文档中的规则级联.
In the Firebase Database security model either you have access to an entire node, or you don't have access to it. You cannot give a user access to a subset of each node in a collection. See rules cascade in the documentation.
通常,您将集合分为两部分:一个是公共部分,另一个是私有部分.
Typically you'll instead split the collection into two: one with the public part and one with the private parts.
{
"rules": {
"ordernames": {
".read": true,
},
"orders": {
".read": "auth !== null",
}
}
}
另请参阅:
- How to create public/private user profile with Firebase security rules?
- Firebase: How to structure public/private user data
- Firebase Security Rules: Public vs. Private Data
这篇关于Firebase:允许读取属性名称,但不读取内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
