Firebase安全规则:允许读取除一个字段以外的任何内容 [英] Firebase security rules: Allow read on anything except one field
问题描述
在我的Firebase安全规则中,我希望匿名用户能够读取除一个字段( secret_field
)以外的任何内容:
In my Firebase security rules, I want anonymous users to be able to read anything except one field (secret_field
):
{
"rules": {
".read": true,
".write": "auth != null",
"stuff" : {
"$stuffID" : {
"secret_field" : {
".read" : "auth != null"
}
}
}
}
}
但是,在Firebase中,如果在前往 secret_field
的途中有任何读取规则评估为true,则将授予对 secret field
的读取访问权限.
However, in Firebase, if any read rule on the way to secret_field
evaluates as true, read access on secret field
is granted.
有没有办法扭转这种行为?(如果在通往 secret_field
的途中有任何读取规则评估为false,则禁止读取访问)
Is there a way to reverse that behavior? (If any read rule on the way to secret_field
evaluates to false, disallow read access)
推荐答案
您不能撤消该行为,但是可以通过为公共字段引入容器"并将其.read设置为true来解决此问题.例如:
You can't reverse the behavior, but you can solve this by introducing a "container" for the public fields and setting .read to true for it. For example:
{
"rules": {
"stuff" : {
"$stuffID" : {
"public" : {
".read": true
},
"secret_field" : {
".read" : "auth != null"
}
}
}
}
}
然后每个人都可以访问.../public/下的所有内容,但是只有经过身份验证的用户可以访问.../secret_field.
And then everything under .../public/ is accessible to everybody but .../secret_field is only accessible for authenticated users.
这篇关于Firebase安全规则:允许读取除一个字段以外的任何内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!