Firebase规则 - 无法访问每个节点 [英] Firebase rules - Cannot access to each node

问题描述

我正在使用Firebase开发应用程序。我在Firebase上有以下数据结构：

  {
 rules：{
version：{ 
threads：{
$ thread：{
noticeList：{$ b $.read：true，$ b $.write：true 
}，
messages：{
.read：root.child（'version / threads /'+ $ thread +'/ users /'+ auth.uid）.exists （），
.write：root.child（'version / threads /'+ $ thread +'/ users /'+ auth.uid）.exists（）
，
$ other：{
.read：auth！= null，
.write：auth！= null
} 
} 
 
 
 
 
 
 
 $ b $ p $每个线程都有子节点 / users / ，我想制定一个规则，只有被包含的用户可以在该线程中读取和写入消息。
 
 
 
添加新消息时，还有一个条件需要访问 noticeList 。但是，这些规则不起作用。如果'$ thread'中有其他节点规则，当我使用
 
 
  firebase.child （version / threads /+ $ thread +/noticeList\").once(\"value，function（snapshot）{}）; 
  
或
 <$ c＃c> firebase.child（version / threads）。once（value，function（snapshot）{}）; 
  
我该如何解决它？ 
 
 
感谢您的查询以此开始： 
 
 
  
 
解决方案
  firebase.child（version / threads /+ $ thread +/ noticeList）
  
执行此查询时，Firebase将检查用户是否有权读取节点。在这种情况下，用户没有这样做，所以查询失败。
 
 
 
在Firebase安全规则方面，这是人们常犯的错误。 Firebase文档将其解释为规则不是过滤器 a>，这正是你想要做的。
 
 
 
不幸的是，对于你的场景，文档还解释说： rules cascade 。这基本上意味着，如果您允许用户读取 noticeList 的访问权限，则无法在较低级别读取访问权限。
 
 
让这个工作最简单的方法可能是为每个用户提供他们可以访问的通知的索引。  
 
 
 版本
线程
 $线程
 userNoticeList 
< userid1> 
< messageid1>：true 
< messageid2>：true 
< userid2> 
< messageid1>：true 
< messageid3>：true 
  
是一个相当典型的非规范化数据。
 
I'm working on an app using Firebase. I have the following data structure on Firebase:
{
   rules: {
      "version": {
         "threads": {
            "$thread": {
               "noticeList": {
                   ".read": true,
                   ".write": true
               },
               "messages": {
                   ".read": "root.child('version/threads/' + $thread + '/users/' + auth.uid).exists()",
                   ".write": "root.child('version/threads/' + $thread + '/users/' + auth.uid).exists()"
               },
               "$other": {
                    ".read": "auth != null",
                    ".write": "auth != null"
               }
            }
         }
     }
}
Each thread has subnode /users/ and I want to make a rule that only included users can read and write the messages in that thread.

There are one more condition that I have to access to noticeList when the new messages are added. However, these rules do not work. If there are other node rules in the '$thread', I couldn't get any respond when I used 
firebase.child("version/threads/" + $thread + "/noticeList").once("value", function(snapshot) {});
or
firebase.child("version/threads").once("value", function(snapshot) {});
How can I fix it?

Thanks
解决方案
Your query starts at this:
firebase.child("version/threads/" + $thread + "/noticeList")
When you execute this query, Firebase checks if the user has rights to read the node. Which in this case the user doesn't, so the query fails.

This is a common mistake people make when it comes to Firebase security rules. The Firebase documentation explains it as "rules are not filters", which is exactly what you're trying to do.

Unfortunately for your scenario, the documentation also explains that "rules cascade". This essentially means that if you give users read access to noticeList, you cannot take te read access away at a lower level.

The easiest way to get this to work is probably to give each user their own index of notices they can access. 
version
  threads
    $thread
      userNoticeList
        <userid1>
          <messageid1>: true
          <messageid2>: true
        <userid2>
          <messageid1>: true
          <messageid3>: true
This is a fairly typical denormalization of the data.

                        
这篇关于Firebase规则 - 无法访问每个节点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！