对某些用户的Firebase读取/写入权限 [英] Firebase read/write permission for certain users
问题描述
我有一个家庭,A,B,C,D 和 A 是领导者。我们有一名入侵者 E 。我们只希望 b,c,d 读取/写入A的数据。
所有这些字母(b,cd ,. ..)将是UID的
这是我到目前为止:
每个人都通过电子邮件进行身份验证。人们向 A 发送请求,以允许他的小组使用。如果他接受,他们可以读/写给他。
设计数据库Firebase
<
领导:{
A:{
允许:{
b:0,
c :0,
d:0
},
DATA:{
blah blah1:内容可由bcd写入,
blah blah2 :可由bcd写入的内容
},
请求:{
E:0
}
}
}
}
我可以使用CRUD移动 b,c,d 但是我如何制定规则,使得只有允许中的人可以读取/写入每个领导的数据?
{
rules:{
.read:auth!= null,
.write:auth!= null
领导者:{
.write:$ uid == ????
感谢您的帮助!
解决方案
{
rules:{
Leaders:{
$ leaderuid:{
.write: $ leaderuid == auth.uid,
DATA:{
.write:data.parent()。child('ALLOWED')。child(auth.uid).exists ()
}
}
}
}
}
我改变的事情:
DATA
如果他们的uid存在于 ALLOWED
节点中。
I have a family, A, b, c, d, and A is the leader. We have an intruder, E. We only want b, c, d to read/write A's data.
ALL OF THESE letters (b, c d,...) will be the UID's
Here is what I have so far:
Everyone is authenticated with email. People send requests to A to be allowed in his group. If he accepts, they can read/write to his.
Design for database Firebase
{
"Leaders" : {
"A" : {
"ALLOWED" : {
"b" : 0,
"c" : 0,
"d" : 0
},
"DATA" : {
"blah blah1" : "content writable by bcd",
"blah blah2" : "content writable by bcd"
},
"REQUESTS" : {
"E" : 0
}
}
}
}
I can use CRUD to move the b, c, d but how do I make the rules so that it follows that only people in the ALLOWED can read/write data for each leader?
{
"rules": {
".read": "auth != null",
".write": "auth != null"
"Leaders":{
".write": "$uid == ????"
}
}
}
Thanks for helping!
Should be a matter of checking if the node exists under the current leader:
{
"rules": {
"Leaders":{
"$leaderuid": {
".write": "$leaderuid == auth.uid",
"DATA": {
".write": "data.parent().child('ALLOWED').child(auth.uid).exists()"
}
}
}
}
}
Things I changed:
- Remove the top-level read/write rules. Otherwise any authenticated user can read/write all data and you can never take that permission away at a lower level anymore.
- The leader can write their entire node. I use
auth.uid
here as described in the documentation on securing user data. - A user can only write under
DATA
if their uid exists in theALLOWED
node.
这篇关于对某些用户的Firebase读取/写入权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!