Firebase安全规则：公开与私有数据 [英] Firebase Security Rules: Public vs. Private Data

问题描述

我有一个签名集合，每个签名都有几个属性：public：全名，城市，然后是电子邮件。

我想保留email属性private我一直在努力写出正确的规则，只返回全名和城市。这是我的rules.json到目前为止的样子：

  {
rules：{
 签名：{
$ signatureID：{
public：{
.read：true 
}，
email：{
.read：false 
} 
} 
} 
} 
} 
  

当我进入/签名结束点时，我希望收到带有公共数据的签名数组，并且不会收到电子邮件地址。 b

到目前为止，我还没有任何运气让我按照自己的方式工作。我做错了什么？我应该以不同的方式构建我的数据吗？

解决方案

关于安全规则，Firebase操作是全有或全无。

因此，尝试加载 / signatures 中的所有数据将失败，因为您的客户端没有读取权限所有的数据在这个位置，虽然你有权限阅读那里的一些数据。同样，写入到一个位置的行为也是一样的，在你的操作继续之前需要完全的权限。

为了处理这个用例，考虑重构你的数据，像这样：

  {
rules：{
.read：false，
 .write：false，
signatures-public：{
.read：true，
$ signatureID：{
 // ... public data here 
} 
}，
signatures-private：{
$ signatureID：{
 // ...这里的私人数据
} 
} 
} 
} 
  

I have a collection of signatures where each signature has a few properties: public: fullname, city and then email.

I want to keep the email property private and I've been struggling with writing the correct rules to only return fullname and city. Here is what my rules.json looks like so far:

{
    "rules": {
        "signatures": {
            "$signatureID": {
                "public": {
                    ".read": true
                },
                "email": {
                    ".read": false
                }
            }
        }
    }
}

When I go to the /signatures end point, I would like to receive an array of signatures with the public data and not receive the email addresses.

So far I haven't had any luck getting this to work the way I want it to. Am I doing something wrong? Should I structure my data differently?

解决方案

With respect to security rules, Firebase operations are all-or-nothing.

As a result, attempting to load all of the data at /signatures will fail because your client does not have permission to read all of the data at that location, though you do have permission to read some of the data there. Similarly, writing to a location behaves the same way, and full permission is required before your operation will continue.

To handle this use case, consider restructuring your data like this:

{
  "rules": {
    ".read": false,
    ".write": false, 
    "signatures-public": {
      ".read": true,
      "$signatureID": {
        // ... public data here
      }
    },
    "signatures-private": {
      "$signatureID": {
        // ... private data here
      }
    }
  }
}

这篇关于Firebase安全规则：公开与私有数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！