Firebase安全规则:允许读取除一个字段以外的任何内容 [英] Firebase security rules: Allow read on anything except one field

问题描述

在我的Firebase安全规则中，我希望匿名用户能够读取除一个字段( secret_field )以外的任何内容:

In my Firebase security rules, I want anonymous users to be able to read anything except one field (secret_field):

{
  "rules": {
    ".read": true,
    ".write": "auth != null",
    "stuff" : {
      "$stuffID" : {
        "secret_field" : {
           ".read" : "auth != null"
        }
      }
    }
  }
}

但是，在Firebase中，如果在前往 secret_field 的途中有任何读取规则评估为true，则将授予对 secret field 的读取访问权限.

However, in Firebase, if any read rule on the way to secret_field evaluates as true, read access on secret field is granted.

有没有办法扭转这种行为?(如果在通往 secret_field 的途中有任何读取规则评估为false，则禁止读取访问)

Is there a way to reverse that behavior? (If any read rule on the way to secret_field evaluates to false, disallow read access)

推荐答案

您不能撤消该行为，但是可以通过为公共字段引入容器"并将其.read设置为true来解决此问题.例如:

You can't reverse the behavior, but you can solve this by introducing a "container" for the public fields and setting .read to true for it. For example:

{
  "rules": {
    "stuff" : {
      "$stuffID" : {
        "public" : {
          ".read": true
        },
        "secret_field" : {
          ".read" : "auth != null"
        }
      }
    }
  }
}

然后每个人都可以访问.../public/下的所有内容，但是只有经过身份验证的用户可以访问.../secret_field.

And then everything under .../public/ is accessible to everybody but .../secret_field is only accessible for authenticated users.

这篇关于Firebase安全规则:允许读取除一个字段以外的任何内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！