在firebase中,如何获得特定的密钥,同时允许访问其他人 [英] In firebase, how do you secure a specific key whilst allowing access to others
问题描述
假设我在firebase中拥有以下json数据结构
{
users:{
userguid001:{
name:Test User 1,
email:test1@test.com,
emailverified:true,
otherinfo1:一些文字,
otherinfo2:多一些文字 ,
otherinfo3:和更多文字
,
userguid002:{
name:测试用户2,
email :test2@test.com,
emailverified:true,
otherinfo1:一些文本,
otherinfo2:多一些文字,
otherinfo3:和更多文本
},
userguid003:{
name:测试用户3,
email: test3@test.com,
emailverified:true,
otherinfo1:一些文本,
otherinfo2:多一些文本,
otherinfo3:和一些文字
}
}
有没有什么办法可以让用户(知道一个userguid)一般的读/写访问权限用户分支,并同时不允许写入访问该分支内的特定键 - 即emailverified和电子邮件?
我需要这个,因为我们做一些服务器端处理验证电子邮件地址,我们不希望人们能够输入验证的电子邮件地址,而无需通过我们的验证系统。
我正在考虑安全规则的东西沿线但是这显然不符合firebase中读/写逻辑流向的方式:
{
rules :{
.read:false,
.write:false,
users:{
$ userid:{
读:真,
.write:真,
emailverified:{
.read:true,
.write:false
},
email:{
.read:true,
.write:false
}
}
}
}
}
在这个阶段我唯一能做的就是把它分成两个根分支(一个用户可以读/写入和只能读取的一个)。我已经看到这个方法提到了几次,但只是想知道是否有什么我可以做的,以保持在一个分支。
道歉,如果这是一个重复的问题,但我很难理解一些在许多问题中提出的例子,因为它们看起来完全不符合我的要求。
谢谢。
因为安全规则级联和不能用作过滤器的答案将不得而知。请查看指南,并保存在这里一些颠簸。
解决方案是将私有数据和公共数据分解到它们自己的路径。
/ user_profiles / $ user_id / email_verified
/ private_user_data / $ user_id / email
Having issues getting my head round firebase security yet again.
Say I have the following json data structure in firebase
{
"users" : {
"userguid001" : {
"name" : "Test User 1",
"email" : "test1@test.com",
"emailverified" : "true",
"otherinfo1": "some text",
"otherinfo2": "some more text",
"otherinfo3": "and some more text"
},
"userguid002" : {
"name" : "Test User 2",
"email" : "test2@test.com",
"emailverified" : "true",
"otherinfo1": "some text",
"otherinfo2": "some more text",
"otherinfo3": "and some more text"
},
"userguid003" : {
"name" : "Test User 3",
"email" : "test3@test.com",
"emailverified" : "true",
"otherinfo1": "some text",
"otherinfo2": "some more text",
"otherinfo3": "and some more text"
}
}
}
Is there any way I can allow users (who know a userguid) general read/write access to the specific users branch and at the same time disallow write access to specific keys within that branch - namely "emailverified" and "email"?
I need this as we do some server side processing to validate email addresses and we dont want people to be able to enter verified email addresses without coming via our validation system.
I was thinking security rules something along the lines of the following but this obviously doesnt work with the way read/write logic flows down in firebase:
{
"rules": {
".read": false,
".write": false,
"users": {
"$userid": {
".read": true,
".write": "true",
"emailverified" : {
".read": true,
".write": "false"
},
"email" : {
".read": true,
".write": "false"
}
}
}
}
}
The only way I can think to do this at this stage is to split it into two root branches (one the users can read/write to and one that they can only read from). I have seen this method mentioned a few times but just wondering if there is anything I can do to keep it all under one branch.
Apologies if this is a duplicate question but I struggle to understand some of the examples being presented in many questions as they dont seem to match my requirements exactly.
Thanks.
Since security rules cascade and cannot be used as filters the answer would have to be no. Please check out the guide and save yourself some thrashing here.
The solution is to split private and public data to their own paths.
/user_profiles/$user_id/email_verified
/private_user_data/$user_id/email
这篇关于在firebase中,如何获得特定的密钥,同时允许访问其他人的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
