Member based security


Question

I have the following data structure and I'd like to grant write access on project1...projectN only to users listed in the members list of the specific project. For authentication I am using the Simplelogin mechanism.

Data structure

|---projects
|       |---project1
|       |       |---members
|       |              |---simpleloginXXX : true
|       |              |---simpleloginXYZ : true
|       |---project2
|       |       |---members
|       |              |---simpleloginEFG : true
|       |              |---simpleloginXYZ : true

Could someone show me how to define this rule? Or do I have to reorganize the structure of the data?

Thanks.

Solution

Something like this will only allow a user to write to a project if they're a member of that project:

{
    "projects": {
        "$project": {
            ".read": true, /* anyone can read */
            ".write": "root.child('projects/'+$project+'/members/'+auth.uid).exists()"
        }
    }
}

Update: allowing all users to see a list of all projects

As you already discovered: if you want to list all projects for all users, you'll need to put .read outside of $project:

{
    "projects": {
        ".read": true,
        "$project": {
            ".read": true, /* anyone can read */
            ".write": "root.child('projects/'+$project+'/members/'+auth.uid).exists()"
        }
    }
}

Update: allowing only members to read a project

These rules will allow users to only see projects that they're a member of.

{
    "projects": {
        "$project": {
            ".read": "root.child('projects/'+$project+'/members/'+auth.uid).exists()",
            ".write": "root.child('projects/'+$project+'/members/'+auth.uid).exists()"
        }
    }
}
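
Added example, not part of the original answer: a simplified JavaScript model of how the membership rule above evaluates against the question's data, assuming Realtime Database semantics where `root` is the data before the write and a `.write` grant cascades to child paths. The function names are hypothetical, the data is constructed from the question's tree, and a signed-out client is modelled as a plain denial.

```javascript
// Simplified model of the answer's membership rule (not Firebase code).
// Constructed sample data mirroring the question's tree.
const db = {
  projects: {
    project1: { members: { simpleloginXXX: true, simpleloginXYZ: true } },
    project2: { members: { simpleloginEFG: true, simpleloginXYZ: true } },
  },
};

// Models root.child(path).exists(): `root` is the data before the write.
function exists(root, path) {
  let node = root;
  for (const key of path.split('/')) {
    const isObject = node !== null && typeof node === 'object';
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, key)) return false;
    node = node[key];
  }
  return node !== null && node !== undefined;
}

// The rule string at /projects/$project, shared by .read and .write in the last rule set.
function isMember(root, project, auth) {
  if (!auth) return false; // assumption: a signed-out client is modelled as a denial
  return exists(root, `projects/${project}/members/${auth.uid}`);
}

// A .write grant at /projects/$project cascades to every path beneath it;
// nothing above $project grants write in the answer's rules.
function canWrite(root, path, auth) {
  const [top, project] = path.split('/');
  if (top !== 'projects' || !project) return false;
  return isMember(root, project, auth);
}

const xxx = { uid: 'simpleloginXXX' };
const cases = [
  ['projects/project1', xxx],                          // member
  ['projects/project2', xxx],                          // not a member
  ['projects/project1', null],                         // signed out
  ['projects/project1/members/simpleloginNEW', xxx],   // member edits the member list
  ['projects/project3', xxx],                          // project with no member list yet
];
for (const [path, auth] of cases) {
  console.log(path, auth ? auth.uid : '(signed out)', canWrite(db, path, auth));
}
```

Two results are worth checking against your own design: any member can write to the project's `members` list, and no client can create `project3` because its member list does not exist yet.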
