Firebase security rules for child items in arrays


Problem description

I have the following data structure in my firebase:

{
    "groups" : {
        "-KEFQ7rTQscPX4hqn6ec" : {
          "createdBy" : "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c",
          "description" : "Test",
          "isPublic" : true,
          "title" : "T1"
        },
        "-KEFQao_Wd-Y-nLzIx2e" : {
          "createdBy" : "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c",
          "description" : "B",
          "isPublic" : false,
          "title" : "E"
        }
    }
}

and am trying to achieve the following:

  1. Everyone can read all groups with "isPublic" == true
  2. Only logged-in users can see the groups they created

My first approach was:

{
  "rules": {
    "groups": {
      ".read": true,
      "$id": {
        ".read": "data.child('isPublic').val() === true"
      }
    }
  }
}

This stackoverflow post explains why it doesn't work, but I couldn't figure out how I can make it work.

This post has a solution for the public/private problem (my 1. question) but not for the second question.

Thanks to @VonD for the working solution for the public/private problem.

With this solution the problem with public/private is solved. Considering that a private group has many members and the user ids of them would be stored in another array "members" - how would I only allow access to the group if I am a member?

"privateGroups": {
        "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c": {
            "-KEFQao_Wd-Y-nLzIx2e" : {
                "createdBy" : "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c",
                "description" : "B",
                "title" : "E",
                "members": [userId1, userId2, userId3...]
            }
        }
    }

Recommended answer

The required security rules cannot be implemented with your document structure: if you want to express that a given user can read some of the child documents of a given node, the user will only be able to access them with their full path, for example "groups/-KEFQao_Wd-Y-nLzIx2e", but he will not be able to retrieve a list of groups matching the given criteria (unless of course you maintain at a different path a list of the groups the user can access, which means you would duplicate all public group ids for each user).

A document structure that would better fit Firebase security rules would be:

{
    "publicGroups": {
        "-KEFQ7rTQscPX4hqn6ec" : {
            "createdBy" : "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c",
            "description" : "Test",
            "title" : "T1"
        }
    },
    "privateGroups": {
        "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c": {
            "-KEFQao_Wd-Y-nLzIx2e" : {
                "createdBy" : "b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c",
                "description" : "B",
                "title" : "E"
            }
        }
    }
} 

Security rules would then be easy to implement:

{
    "rules": {
        "publicGroups": {
            ".read": true
        },
        "privateGroups": {
            "$userId": {
                ".read": "auth.uid === $userId"
            }
        }
    }
}

Hope it helps.
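
The cascade behind this answer, as an added example that is not part of the original question or answer: a simplified JavaScript model (not Firebase's own evaluator) of how a read is granted, applied to the question's first rules, a constructed variant without the parent ".read", and the restructured rules. The helpers `snapshot` and `canRead` and the sample data are assumptions made for illustration.

```javascript
// Simplified model of how Realtime Database decides a read (not Firebase's own code):
// access is granted if a ".read" rule at the requested path or any ancestor is true.
// Rules below the requested path are never consulted, so rules cannot filter a list.
function snapshot(value) { // minimal stand-in for the rules `data` variable
  return {
    val: () => (value === undefined ? null : value),
    child: (k) => snapshot(value !== null && typeof value === 'object' ? value[k] : undefined),
  };
}

function canRead(ruleset, db, auth, path) {
  let rule = ruleset.rules;
  let data = snapshot(db);
  const vars = {}; // captured $wildcard values
  const granted = () => {
    if (!Object.prototype.hasOwnProperty.call(rule, '.read')) return false;
    const names = Object.keys(vars);
    try {
      const fn = new Function('auth', 'data', ...names, `return (${rule['.read']}) === true;`);
      return fn(auth, data, ...names.map((n) => vars[n]));
    } catch (e) {
      return false; // evaluation error (e.g. auth is null) means deny
    }
  };
  if (granted()) return true;
  for (const seg of path.split('/').filter(Boolean)) {
    const wildcard = Object.keys(rule).find((k) => k.startsWith('$'));
    if (Object.prototype.hasOwnProperty.call(rule, seg)) rule = rule[seg];
    else if (wildcard) { vars[wildcard] = seg; rule = rule[wildcard]; }
    else return false; // no rule covers this location: denied by default
    data = data.child(seg);
    if (granted()) return true;
  }
  return false;
}

const UID = 'b5cd3a86-108e-4ef3-9ab8-8a1e4da7491c'; // creator id from the question
const PRIVATE_ID = '-KEFQao_Wd-Y-nLzIx2e';
const perGroup = { '.read': "data.child('isPublic').val() === true" };
const firstAttempt = { rules: { groups: { '.read': true, $id: perGroup } } };
const perGroupOnly = { rules: { groups: { $id: perGroup } } }; // constructed variant
const restructured = { rules: {
  publicGroups: { '.read': true },
  privateGroups: { $userId: { '.read': 'auth.uid === $userId' } },
} };
const db = { groups: { // constructed sample mirroring the question's data
  '-KEFQ7rTQscPX4hqn6ec': { isPublic: true, title: 'T1' },
  [PRIVATE_ID]: { isPublic: false, title: 'E' },
} };
```

With `firstAttempt` the parent ".read": true already exposes the private group to unauthenticated readers; with `perGroupOnly` single public groups are readable by full path but a read of "groups" itself is denied, which is the listing limitation the answer describes.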
