Firebase安全权限不起作用 [英] firebase security permission not working
问题描述
以下数据存储在我的 firebase 中:
firebaseRoot
admins
simplelogin:1:
用户
simplelogin:1
电子邮件:abc@xyz.com
图片:csd
提供者:密码
uid:simplelogin:1
simplelogin:2
email:abc1@xyz.com
图片:zsd
提供者:密码
uid:simplelogin:1
及以下安全规则:
<$ p $ ($ admin):{
.read:root.child('admins')。 uid).val()=== true,
.write:root.child('admins')。child(auth.uid).val()=== true
},
users:{
$ user:{$ b $.read:$ user === auth.id || root.child('admins')。 child(auth.uid).val()=== true,
.write:$ user === auth.id
}
}
code
$ b我的授权要求如下。
- 管理员只能被现有的管理员阅读和添加。这是有效的。
- 所有用户都可以被管理员读取,但不能写入用户数据。
- 用户可以读取和更新他的自己的用户数据。
目前通过上述规则,我无法读取管理员和登录用户的用户数据。我得到下面的错误消息。请提供您的帮助。感谢。
var rootRef =新的Firebase('https://xxxxx.firebaseio.com/');
var users = rootRef.child('users');
users.on('value',function(snap){
console.log(snap.key(),snap.val());
},function(error){
console.log(error);
});
错误:
错误:permission_denied:客户端没有权限访问所需的数据。
< Firebase安全规则有两个缺陷:
-
这意味着一旦你在JSON结构中给某人(读或写)访问某个级别的权限,你就不能马上在较低的级别上使用它。
href =https://www.firebase.com/docs/security/guide/securing-data.html#section-filter =nofollow>规则不是过滤器 - admins can be read and added only by the existing admin only. This works.
- All users can be read by the admin but should not be able to write user data.
- a user can read and update his own user data.
-
This means that once you give somebody (read or write) access on a certain level in the JSON structure, you cannot take that right away anymore on a lower level
-
This means that you can only read a node if you have read access to all data in that node. If you only have read access to part of the data, a read operation for the complete data will fail.
这意味着如果读取了该节点中的所有数据,则只能读取节点。如果您只能读取部分数据,则完整数据的读取操作将失败。
你的安全规则,你只允许阅读(一些)在用户下的孩子。所以试图阅读整个 users.on('value'将会失败。
你可以通过给管理员 .read 访问用户节点
users:{
.read:root.child('admins')。child(auth.uid).val()=== true,
$ user:{
.read:$ user === auth.id,
.write:$ user === auth.id
}
}
I have below data stored in my firebase:
firebaseRoot
admins
simplelogin:1:
users
simplelogin:1
email: abc@xyz.com
picture: csd
provider: password
uid: simplelogin:1
simplelogin:2
email: abc1@xyz.com
picture: zsd
provider: password
uid: simplelogin:1
and following security rules:
{
"rules": {
"admins": {
".read": "root.child('admins').child(auth.uid).val() === true",
".write": "root.child('admins').child(auth.uid).val() === true"
},
"users": {
"$user":{
".read": "$user === auth.id || root.child('admins').child(auth.uid).val() === true",
".write": "$user === auth.id"
}
}
}
}
My authorization requirements are as below.
Currently with above rules, I am not able read users data both for admins and logged in users. I get below error message. Please provide your help. Thanks.
var rootRef = new Firebase('https://xxxxx.firebaseio.com/');
var users = rootRef.child('users');
users.on('value', function(snap) {
console.log(snap.key(), snap.val());
}, function(error) {
console.log(error);
});
Error:
Error: permission_denied: Client doesn't have permission to access the desired data.
There are two pitfalls when it comes to Firebase security rules:
In your security rules, you only give permission to read (some of) the children under users. So trying to read the entire users.on('value' will fail.
You can solve this by giving the administrator .read access to the users node.
"users": {
".read": "root.child('admins').child(auth.uid).val() === true",
"$user":{
".read": "$user === auth.id",
".write": "$user === auth.id"
}
}
这篇关于Firebase安全权限不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
