Firebase安全权限不起作用 [英] firebase security permission not working
问题描述
以下数据存储在我的 firebase
中:
firebaseRoot
admins
simplelogin:1:
用户
simplelogin:1
电子邮件:abc@xyz.com
图片:csd
提供者:密码
uid:simplelogin:1
simplelogin:2
email:abc1@xyz.com
图片:zsd
提供者:密码
uid:simplelogin:1
及以下安全规则:
<$ p $ ($ admin):{
.read:root.child('admins')。 uid).val()=== true,
.write:root.child('admins')。child(auth.uid).val()=== true
},
users:{
$ user:{$ b $.read:$ user === auth.id || root.child('admins')。 child(auth.uid).val()=== true,
.write:$ user === auth.id
}
}
code
$ b我的授权要求如下。
- 管理员只能被现有的管理员阅读和添加。这是有效的。
- 所有用户都可以被管理员读取,但不能写入用户数据。
- 用户可以读取和更新他的自己的用户数据。
目前通过上述规则,我无法读取管理员和登录用户的用户数据。我得到下面的错误消息。请提供您的帮助。感谢。
var rootRef =新的Firebase('https://xxxxx.firebaseio.com/');
var users = rootRef.child('users');
users.on('value',function(snap){
console.log(snap.key(),snap.val());
},function(error){
console.log(error);
});
错误:
错误:permission_denied:客户端没有权限访问所需的数据。
< Firebase安全规则有两个缺陷:
-
这意味着一旦你在JSON结构中给某人(读或写)访问某个级别的权限,你就不能马上在较低的级别上使用它。
href =https://www.firebase.com/docs/security/guide/securing-data.html#section-filter =nofollow>规则不是过滤器 - admins can be read and added only by the existing admin only. This works.
- All users can be read by the admin but should not be able to write user data.
- a user can read and update his own user data.
-
This means that once you give somebody (read or write) access on a certain level in the JSON structure, you cannot take that right away anymore on a lower level
-
This means that you can only read a node if you have read access to all data in that node. If you only have read access to part of the data, a read operation for the complete data will fail.
这意味着如果读取了该节点中的所有数据,则只能读取节点。如果您只能读取部分数据,则完整数据的读取操作将失败。
你的安全规则,你只允许阅读(一些)在用户
下的孩子。所以试图阅读整个 users.on('value'
将会失败。
你可以通过给管理员 .read
访问用户
节点
users:{
.read:root.child('admins')。child(auth.uid).val()=== true,
$ user:{
.read:$ user === auth.id,
.write:$ user === auth.id
}
}
I have below data stored in my firebase
:
firebaseRoot
admins
simplelogin:1:
users
simplelogin:1
email: abc@xyz.com
picture: csd
provider: password
uid: simplelogin:1
simplelogin:2
email: abc1@xyz.com
picture: zsd
provider: password
uid: simplelogin:1
and following security rules:
{
"rules": {
"admins": {
".read": "root.child('admins').child(auth.uid).val() === true",
".write": "root.child('admins').child(auth.uid).val() === true"
},
"users": {
"$user":{
".read": "$user === auth.id || root.child('admins').child(auth.uid).val() === true",
".write": "$user === auth.id"
}
}
}
}
My authorization requirements are as below.
Currently with above rules, I am not able read users data both for admins and logged in users. I get below error message. Please provide your help. Thanks.
var rootRef = new Firebase('https://xxxxx.firebaseio.com/');
var users = rootRef.child('users');
users.on('value', function(snap) {
console.log(snap.key(), snap.val());
}, function(error) {
console.log(error);
});
Error:
Error: permission_denied: Client doesn't have permission to access the desired data.
There are two pitfalls when it comes to Firebase security rules:
In your security rules, you only give permission to read (some of) the children under users
. So trying to read the entire users.on('value'
will fail.
You can solve this by giving the administrator .read
access to the users
node.
"users": {
".read": "root.child('admins').child(auth.uid).val() === true",
"$user":{
".read": "$user === auth.id",
".write": "$user === auth.id"
}
}
这篇关于Firebase安全权限不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!