Managing team permissions and allowing two users from the same team to access a node


Problem description

I allow login with Google to my Firebase web app. I control access to the database by the auth.uid:

 {
   "rules": {
     "users": {
       "$uid": {
         ".read": "auth.uid === $uid",
         ".write": "auth.uid !== null",
         "images": {
           ".read": "auth.uid === $uid",
           ".write": "auth.uid === $uid"
         },
 ...

I want to enable other users in the user's team to access his/her images. I went over the docs but couldn't find a way to accomplish that. Any ideas?

Solution

Security rules are able to read data from other keys, so it's possible to construct rules that are based upon the existence of a key (i.e. membership of a team).

What's below is a small fragment of the Bolt rules that I've used for a Firebase database:

path /teams/{$teamKey}/members/{$userId} is Boolean {
    ...
}

path /users/{$userId}/shares/{$teamKey} {
    ...
    read() { root.teams[$teamKey].members[auth.uid] !== null }
}

The JSON would look something like this:

...
"users": {
  "$userId": {
    ...
    "shares": {
      "$teamKey": {
        ...
        ".read": "root.child('teams').child($teamKey).child('members').child(auth.uid).val() != null",
        ...

Hopefully, that will make some sense. Basically, there is a key for a team and it contains user ids (with boolean values). And read access to shared information under a user's key is granted to other team members by verifying their membership - that is, by checking for the existence of a user id key under the team key. Essentially, you store the data that drives the security rules in the database itself.

You don't have to use Bolt, but I find it much easier to manage than the JSON representation. The Bolt language documentation contains information on the RuleDataSnapshot Methods for both the Bolt definitions and the JSON definitions.
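
The membership check from the answer above, modelled in plain JavaScript as an added example (not code from the original post or from Firebase). `Snapshot` is a hypothetical stand-in for `RuleDataSnapshot`, and the team and user names are constructed sample data. It also shows that the `!= null` test admits a member whose flag is stored as `false`, so a stricter `=== true` variant (an assumption, not part of the answer) is included for comparison.

```javascript
// Hypothetical stand-in for RuleDataSnapshot: only child() and val() on leaf
// values are modelled. A missing node reads as null, as in the rules engine.
class Snapshot {
  constructor(value) { this.value = value === undefined ? null : value; }
  child(key) {
    const v = this.value;
    const isObj = v !== null && typeof v === 'object';
    const has = isObj && Object.prototype.hasOwnProperty.call(v, key);
    return new Snapshot(has ? v[key] : null);
  }
  val() { return this.value; }
}

// Constructed sample data following the answer's layout.
const db = {
  teams: {
    teamA: { members: { alice: true, bob: true, carol: false } },
    teamB: { members: { dave: true } },
  },
  users: {
    alice: { shares: { teamA: { images: { img1: 'holiday.png' } } } },
  },
};

// Value stored at /teams/$teamKey/members/<auth.uid>, or null if absent.
function memberFlag(data, auth, teamKey) {
  const root = new Snapshot(data);
  return root.child('teams').child(teamKey).child('members').child(auth.uid).val();
}

// The answer's ".read" rule on /users/$userId/shares/$teamKey.
function canReadShare(data, auth, teamKey) {
  if (auth === null) return false; // modelled: unauthenticated reads are denied
  return memberFlag(data, auth, teamKey) != null;
}

// Stricter variant (assumption): the membership flag must be exactly true.
function canReadShareStrict(data, auth, teamKey) {
  if (auth === null) return false;
  return memberFlag(data, auth, teamKey) === true;
}

for (const uid of ['bob', 'carol', 'dave']) {
  console.log(uid, canReadShare(db, { uid }, 'teamA'), canReadShareStrict(db, { uid }, 'teamA'));
}
```

Because the rule trusts whatever is stored under `/teams/$teamKey/members`, write access to that path decides who can grant themselves read access.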
