Firebase用户全部阅读,写入新内容,但只能修改自己的数据 [英] Firebase user read all, write new, but only modify his own data
问题描述
我在Firebase上有下一个场景:
有两件事,用户和事件 / p>
我希望用户能够创建新的事件,查看所有现有事件,但只能只修改由它们创建的事件。
这意味着UserOne创建了EventOne,可以看到EventOne和EventTwo,但只能修改EventOne。
我的结构如下:
$ $ p $ -events
-eventOne
endTime:
id:
名称:
providerId:
startTime:
userId:
-eventTwo
endTime:
id :
名称:
providerId:
startTime:
userId:
-users
-userOne
-userTwo
我现在的规则几乎是默认的:
{
rules:{
users:{
$ uid:{
//授予对该用户帐户所有者的写入权限,该用户帐户的uid必须与该密钥完全匹配($ uid)
.write:auth!== null& &安培; auth.uid === $ uid,
//授予任何使用电子邮件和密码登录的用户的读取权限
.read:auth!= null&& auth.uid == $ uid
},
events:{
.read:auth!= null,
。写:auth!= null
}
}
}
为了确保所有的用户都能看到所有的事件,你可以设置读取规则为:
true 或 auth!= null ,如果您要求读者至少为了确保事件只能由其创建者修改,请将原始作者记录在事件旁边,并使用 auth.uid <值>来验证它。
/ code>。
{
rules:{
events:{
$ eventid:{
.read:auth!= null,
.write:auth!= null&& (!data.exists()|| data.child('author')。val()=== auth.uid)&& newData.hasChild('author'),
author:{
.write:newData.val()=== auth.uid
}
}
}
$ $ $ $ $ $ $ $ $ $ $ $ $上面我们使用< code!!data.exists()来检查这个位置是否存在一个事件,如果没有事件存在,任何人都可以在这个位置添加一个事件。 $ c> data.child('author')。val()=== auth.uid
确保如果一个事件存在,只有作者可以修改它。
I have the next scenario on Firebase:
There are 2 things, Users and events.
I would like the Users to be able to create new Events, see all the existing events but be only able to modify only the events that were created by them.
Meaning that UserOne created EventOne, can see EventOne and EventTwo, but can only modify EventOne.
My structure is as follows:
-events
-eventOne
endTime:
id:
name:
providerId:
startTime:
userId:
-eventTwo
endTime:
id:
name:
providerId:
startTime:
userId:
-users
-userOne
-userTwo
And my current rules are pretty much the default ones:
{
"rules": {
"users": {
"$uid": {
// grants write access to the owner of this user account whose uid must exactly match the key ($uid)
".write": "auth !== null && auth.uid === $uid",
// grants read access to any user who is logged in with an email and password
".read": "auth != null && auth.uid == $uid"
}
},
"events": {
".read": "auth != null",
".write": "auth != null"
}
}
}
Thanks in advance.
解决方案 To ensure that all users can see all events, you can set the read-rule for events to either be true or auth != null, using the latter if you want to require that readers are at least authenticated.
To ensure that events can only be modified by their creator, record the original author alongside the event and validate it using auth.uid.
{
"rules": {
"events": {
"$eventid": {
".read": "auth != null",
".write": "auth != null && (!data.exists() || data.child('author').val() === auth.uid) && newData.hasChild('author')",
"author": {
".write": "newData.val() === auth.uid"
}
}
}
}
}
Above, we use !data.exists() to check whether or not there is an existing event at this location. If no event exists, anyone can add one at this location. Next, data.child('author').val() === auth.uid ensures that if an event exists, only the author can modify it.
这篇关于Firebase用户全部阅读,写入新内容,但只能修改自己的数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
