使用Firebase实时创建隐藏的用户节点 [英] Create hidden user node using firebase realtime

问题描述

我在Firebase安全规则方面遇到一些问题.我希望任何用户在建立我要拥有两个节点的帐户后都能同时使用我的iOS应用程序创建一个帐户，一个是私有的，一个是公共的.我希望任何人都可以访问公共节点，包括用户自己，但是创建帐户的用户只能访问私有节点.我已经尝试了很多东西，但是我的所有工作似乎都不起作用.我想通过仅具有链接而不知道每个用户的uid来获取所有公共节点值

1-任何人都可以创建一个帐户2-只有用户可以访问自己的私有节点3-只能提取用户所有公共节点的链接

谢谢！!!!

例如，我想获取所有用户

这是我的一些作品

  {规则":{爱尔兰":{用户":{"$ uid":{私人的": {".read":"auth！=空&& auth.uid == $ uid"，".write":"auth！=空&& auth.uid == $ uid"，}，上市": {".read":是的，".write":"auth！=空&& auth.uid == $ uid"，}，}，}，}，}，} 

这是我的快捷代码，但是每次我尝试创建一个帐户时，都会说权限被拒绝

  guard let uid = result?.user.uid else {return}let privateValues = [电子邮件":电子邮件，用户名":用户名，密码":密码，"profileImageUrl":profileImageUrl，国家":爱尔兰"]let publicValues = [用户名":用户名，"profileImageUrl":profileImageUrl]let值= [uid:["private":privateValues，"public":publicValues]]Database.database().reference().child("Ireland").child("users").updateChildValues(values，withCompletionBlock:{(错误，参考)在如果让错误=错误{打印(无法将用户信息保存到数据库:"，错误)self.signUpButton.wiggle()返回} 

解决方案

Firebase安全规则不能用于过滤数据.他们所做的只是检查是否允许某种读取操作，而无需检查每个单独的节点.

因此，如果将侦听器附加到/Ireland ，服务器将检查当前用户是否具有对/Ireland 的读取权限.由于没有人具有该级别的权限，因此将拒绝读取操作.

在文档和之前的问题.

去年Firebase增加了对验证安全规则中的查询的支持，因此，例如，您可以允许查询，也可以通过 ownerUID 类型属性进行过滤.有关更多信息，请参见基于查询的规则上的文档那个.

但这对您的用例也不起作用，因为读取操作总是返回完整的节点.这使我们回到了不能使用安全规则来过滤数据的事实.

您将必须将公共数据和私有数据分为两个单独的顶级节点: private 和 public .这是Firebase文档建议保持数据结构平坦的众多原因之一.

另请参阅:

• 如何创建公共/私人用户带有Firebase安全规则的配置文件?
• Firebase:如何构建公共/私有用户数据

I am having some issues with Firebase security rules. I want any user to be able to create an account using my iOS app at the same time once he or she establishes the account I want to have two nodes one is private, and one is public. I want the public to be accessed by anyone, including the user its self, but the user that created the account only accesses the private node. I have tried a lot of things, but none of my work seems to work. I want to fetch all the public node values by just having a link without knowing the uid of each user

1- Anyone can create an account 2- Only the user can access his own private node 3- A link where I can fetch all of the user's public node only

Thank you!!!!

for example, I would like to fetch all the users https://id.firebaseio.com/Ireland.json

Here is some of my work

{
  "rules": {
    "Ireland": {
      "users": {
        "$uid": {
          "private": {
            ".read": "auth != null && auth.uid == $uid",
            ".write": "auth != null && auth.uid == $uid",
          },
          "public": {
            ".read": true,
            ".write": "auth != null && auth.uid == $uid",
          },
        },
      },
    },
  },
}

here is my swift code, but every time I try to create an account it says permission denied

guard let uid = result?.user.uid else { return }

let privateValues = ["email": email, "username": username, "password": password, "profileImageUrl": profileImageUrl, "country": "Ireland"]
let publicValues = ["username": username, "profileImageUrl": profileImageUrl]

let values = [uid: ["private": privateValues, "public": publicValues]]

                    Database.database().reference().child("Ireland").child("users").updateChildValues(values, withCompletionBlock: { (error, reference) in
if let error = error {
print("Failed to save user info to database: ", error)
self.signUpButton.wiggle()
return
}

解决方案

Firebase security rules cannot be used to filter data. All they do is check if a certain read operation is allow, without checking each individual node.

So if you attach a listener to /Ireland, the server checks if the current user has read permission to /Ireland. Since nobody has permission on that level, the read operation is rejected.

This is also known as 'rules are not filters' in both the documentation and previous questions.

Last year Firebase added support for validating queries in security rules, so that for example you can allow queries that also filter by a ownerUID type property. See the documentation on query based rules for more on that.

But that won't work for your use-case either, since read operations always return full nodes. Which brings us back to the fact that security rules can't be used to filter data.

You will have to separate the public and private data into two separate top-level nodes: private and public. This is one of the many reasons the Firebase documentation recommends keeping your data structure flat.

Also see:

• How to create public/private user profile with Firebase security rules?
• Firebase: How to structure public/private user data

这篇关于使用Firebase实时创建隐藏的用户节点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！