firebase".read":"auth!= null&&auth.uid == $ uid“不能按预期工作 [英] firebase ".read": "auth != null && auth.uid == $uid" not working as expected
问题描述
我今天从Firebase开始,尝试创建一个示例iOS应用.目前,我一直坚持保护自己的数据.
让我们说我有这个演示数据.
{"Demodata":{"demodata-1":{"id":1"uid":1234}}} 和此规则文件
{规则":{"Demodata":{"$ uid":{".read":"auth.uid == $ uid"}}}} 和具有uid的登录用户:1234
我使用此代码登录.
ref.authUser(电子邮件,密码:密码,withCompletionBlock:{错误,authData在完成(结果:错误)}) 然后我尝试使用此代码获取数据.
demoDataRef.queryOrderedByChild("id").queryEqualToValue(queryValue).observeSingleEventOfType(.Value,withBlock:{//一次做一些事情打印(快照)}) 但是我从来没有从Firebase取回数据.当我删除规则并向父级添加".read":true时,一切正常.
我确定我会错过一些东西,但此刻我有点迷路了.也许有人可以指出我正确的方向.
此处有两处错误.其中一个很容易修复,而另一个则更困难.
1.订购跳过一个级别"
您缺少JSON数据中的级别.当您调用 queryOrderByChild("id")时,该排序将应用于 demoDataRef 的每个子节点的"id"子属性.
要解决此问题,请为用户添加一个级别到您的JSON:
{"Demodata":{"demodata-1":{"user1":{"id":1"uid":1234},"user2":{"id":2"uid":2345}}}} 2.规则不是过滤器
第二个问题是您试图对 Demodata 执行查询,但是您的用户没有对 Demodata 的读取权限.这意味着Firebase将立即拒绝该操作.如果您附加 withCancelBlock ,则会看到该拒绝.
因此,尽管用户可能能够读取特定记录(甚至每个特定记录),但他们无法查询记录列表.这是对Firebase安全规则的常见误解,该文档涵盖在规则级联和规则不是过滤器.
不幸的是,这意味着您通常必须选择一种不同的方法来构造数据.存储用户时,常见的解决方案是将每个用户存储在其uid下:
{"Demodata":{"demodata-1":{"1234":{"id":1名称":"user1"},"2345":{"id":2名称":"user2"}}}} 现在,每个用户都可以通过直接查找来访问自己的个人资料:
demoDataRef.childByAppendingPath(queryValue).observeSingleEventOfType(.Value ... 另请参阅:
I started today with Firebase and try to create a sample iOS app. At the moment I'm stuck with securing my data.
Lets say I have this demo data.
{
"Demodata" : {
"demodata-1" : {
"id" : 1,
"uid" : 1234
}
}
}
and this rule file
{
"rules": {
"Demodata" : {
"$uid" : {
".read" : "auth.uid == $uid"
}
}
}
}
and a logged in user with the uid : 1234
I log in with this code.
ref.authUser(email, password: password,
withCompletionBlock: { error, authData in
completion(result: error)
})
Then I try to get the data with this code.
demoDataRef.queryOrderedByChild("id").queryEqualToValue(queryValue).observeSingleEventOfType(.Value, withBlock: { snapshot in
// do some stuff once
print(snapshot)
})
But I never get the data back from Firebase. When I remove the rule and add a ".read" : true to the parent everything works.
I'm sure I miss something but at the moment I'm a little bit lost. Maybe some one can point me in to the right direction.
There are two things wrong here. One of them is easy to fix, the other one is more difficult.
1. "Ordering skips a level"
You're missing a level in your JSON data. When you call queryOrderByChild("id") the ordering is applied to the "id" child property of each child node of demoDataRef.
To fix it, add a level for the users to your JSON:
{
"Demodata" : {
"demodata-1" : {
"user1": {
"id" : 1,
"uid" : 1234
},
"user2": {
"id" : 2,
"uid" : 2345
}
}
}
}
2. Rules are not filters
The second problem is that you're trying to execute a query on Demodata, but your user doesn't have read access to Demodata. This means that Firebase will immediately reject the operation. If you attach withCancelBlock, you'll see that rejection.
So while a user may be able to read a specific record (or even each specific record), they are not able to query the list of records. This is a common misunderstanding of Firebase's security rules that is covered in the documentation under rules cascade and rules are not filters.
Unfortunately this means that you'll typically have to pick a different way to structure your data. When storing users, the common solution is to store each user under their uid:
{
"Demodata" : {
"demodata-1" : {
"1234": {
"id" : 1,
"name" : "user1"
},
"2345": {
"id" : 2,
"name" : "user2"
}
}
}
}
Now each user can access their own profile with a direct lookup:
demoDataRef.childByAppendingPath(queryValue).observeSingleEventOfType(.Value...
Also see:
- How only grant read access to data that own specific value in Firebase?
- Firebase rules - Cannot access to each node
- Show only items that have userid as child
这篇关于firebase".read":"auth!= null&&auth.uid == $ uid“不能按预期工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
