在不使用自定义授权的情况下创建组访问权限 [英] Create group access to firebase storage without using custom authorization

问题描述

有没有一种方法来控制上传到Firebase存储的路径按组？
例如有一个管理员组，可以上传到任何地方，或者只能上传到特定路径的团队。

>经过四处寻找，我没有找到一个现成的答案，所以我会发布到目前为止。很高兴知道是否有其他（更好）的方法来做到这一点。

因为我试图不使用另一台服务器，所以自定义认证令牌不存在。但是，存储规则可以使用request.auth.uid。 uid属性与Auth区域中定义的其中一个用户相匹配。您需要在存储规则中创建一个函数，检查request.auth.uid是否在您定义的组中。

Firebase存储规则具有唯一的语法。它看起来像JavaScript，但它不是。你可以定义函数，但是你不能在其中声明一个var。另外还有一些类似javascript的方法。

例如，我第一次尝试以下方法失败：

  function isAdmin（）{
 return [value，list]。indexOf（request.auth.uid）> -1; 
} 
 
服务firebase.storage {...} 
  

当我试图定义一个var时规则编辑器抛出错误，或者当我使用.indexOf时它总是返回未经授权的。

下面的结果为我工作。
$ b $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $'$'$'$'用户名1
};

函数isSomeOtherGroup（）{
返回request.auth.uid {
yaddayaddaSomeOtherUID：用户名2，
YaddBlahBlahUID：用户名3
;


服务firebase.storage {
match / b /< your bucket here> / o {
match / {allPaths = **} {
允许读，写：if isAdmin（）;
}
match / path / {allPaths = **} {
允许读，写：if isSomeOtherGroup（）|| isAdmin（）;
}
}
}

Is there a way to control uploads to a path in Firebase Storage by group? For instance have an admin group that can upload anywhere or a team that can only upload to a certain path.

解决方案

After searching around a bit, I didn't find a ready answer, so I'll post what I have so far. It would be nice to know if there are other (better) ways of doing this.

Since I'm trying NOT to use another server, custom authentication tokens are out. However, the request.auth.uid is available to the storage rules. The uid property matches one of the users defined in the Auth area. You'll need to create a function in the storage rules that checks if request.auth.uid is in a group you define.

Firebase storage rules have a unique syntax. It sorta looks like javascript, but it's not. You can define functions, but you can't declare a var within them. Furthermore there is a subset of javascript-like methods available.

For instance, I first unsuccessfully tried the following:

function isAdmin() {
  return ["value","list"].indexOf(request.auth.uid) > -1;
}

service firebase.storage {...}

Either the rules editor threw errors when I tried to define a var OR it always returned "unauthorized" when I used .indexOf.

The following ended up working for me.

function isAdmin() {
  return request.auth.uid in {
    "yaddayadddayaddUserIDKey":"User Name1"
  };
}
function isSomeOtherGroup() {
  return request.auth.uid in {
    "yaddayaddaSomeOtherUID":"User Name2",
    "YaddBlahBlahUID":"User Name3"
  };
}

service firebase.storage {
  match /b/<your bucket here>/o {
    match /{allPaths=**} {
      allow read, write: if isAdmin();
    }
    match /path/{allPaths=**} {
        allow read, write: if isSomeOtherGroup() || isAdmin();
    }
  }
}

这篇关于在不使用自定义授权的情况下创建组访问权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！