Firebase Security&规则,我如何让用户删除自己的数据? [英] Firebase Security & Rules, How can I let users delete their own data?
问题描述
< pre $
-KF5N2V_dKD1dMHebUqc:{
note:大家好,
pos:{
lat:40.3628851,
lng:-74.0493175
},
time:1460395853884,
uid:f8cf7863-5607-4e2b-97d7-6a121261466c
},
-KHwyP-tnWNOA3nxzEm4:{
note:hi,
pos:{
lat:37.0947156,
lng :-121.0179501
},
time:1463459362615,
uid:f8cf7863-5607-4e2b-97d7-6a121261466c
}
我希望设置我的firebase规则,以便只有匿名用户才能删除自己的帖子。
到目前为止,我只能在阅读firebase文档后想出这个:
{
规则:{
.read:auth!= null,
.write:auth!= null,
$ msg:{
.validate :newData.hasChildren(['note','time','uid','pos'])
&& newData.child('note')。isString()&& newData.child('time')。isNumber()
&& newData.child('uid')。isString()&& newData.child('note')。isString()
&& newData.child('pos / lat')。isNumber()&& newData.child('pos / lng')。isNumber()
}
}
}
您需要将 .write
权限下移并将其绑定到数据:
{
rules:{
.read:auth!= null,
$ msg:{
.write:!data.exists()|| (!newData.exists()& amp; data.child('uid').val()=== auth.uid)
.validate:...
}
$ b $ p
$ b $ p $ Firebase文档的两个部分:
-
https://www.firebase.com/docs/security/guide/securing-data.html#section-data-variables < a>
-
https://www.firebase.com/docs/security/guide/user-security.html
My data in firebase looks like this, in my web app everyone who accesses it gets authenticated anonymously via firebase, and their UID is stored with every post the user creates:
"-KF5N2V_dKD1dMHebUqc" : {
"note" : "Hello everybody",
"pos" : {
"lat" : 40.3628851,
"lng" : -74.0493175
},
"time" : 1460395853884,
"uid" : "f8cf7863-5607-4e2b-97d7-6a121261466c"
},
"-KHwyP-tnWNOA3nxzEm4" : {
"note" : "hi",
"pos" : {
"lat" : 37.0947156,
"lng" : -121.0179501
},
"time" : 1463459362615,
"uid" : "f8cf7863-5607-4e2b-97d7-6a121261466c"
}
I want my firebase rules setup so that only anonymous users can delete their through own posts.
So far i was only able to come up with this after reading the firebase documentation:
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"$msg": {
".validate": "newData.hasChildren(['note','time','uid','pos'])
&& newData.child('note').isString() && newData.child('time').isNumber()
&& newData.child('uid').isString() && newData.child('note').isString()
&& newData.child('pos/lat').isNumber() && newData.child('pos/lng').isNumber()"
}
}
}
解决方案 You'll need to move the .write
permission down and tie it to the data:
{
"rules": {
".read": "auth != null",
"$msg": {
".write": "!data.exists() || (!newData.exists() && data.child('uid').val() === auth.uid)"
".validate": "..."
}
}
}
It's a bit of mix-and-match from these two sections of the Firebase documentation:
https://www.firebase.com/docs/security/guide/securing-data.html#section-data-variables
https://www.firebase.com/docs/security/guide/user-security.html
这篇关于Firebase Security&规则,我如何让用户删除自己的数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!