Firebase安全规则是否可以检查某人是否具有特定的访问权限? [英] Can a Firebase Security Rule check if someone has specific access rights?
问题描述
var token = tokenGenerator.createToken({uid:1234,access:[file1,file2,file3]} );
我想通过设置以下安全规则来检查用户是否可以访问特定文件:
{
rules:{
.read:true,
.write :file3 in auth.access
}
}
我是不知道这是否有效,或者是否有类似的Firebase安全模式。我想给每个用户颁发唯一的安全令牌,允许他们访问某些文件。
你正在描述的是一个表单基于角色的安全性,您绝对可以在Firebase上进行构建。
$ b 这要求您将角色存储在Firebase中(而不是将其动态添加到令牌中):
用户
twitter:214
文件
file1:true
file2:true
twitter:469
files
file2:true
然后您的规则是:
。write:root.child('users /'+ auth.uid +'/ files / file1')。exists()
Can I use the keyword "in" to check if a user's authentication matches a Firebase security rule?
For example, I create a user token with:
var token = tokenGenerator.createToken({ "uid": "1234", "access": [file1, file2, file3] });
I want to check if the user can access a particular file by setting the following security rule:
{
"rules": {
".read": true,
".write": "file3 in auth.access"
}
}
I am not sure if this works or is there a similar pattern for Firebase security. I want to issue each user unique security tokens that allows them to access certain files.
What you're describing is a form of role-based security, which you can definitely build on Firebase.
This requires that you store the roles in your Firebase (and not just dynamically add them to the token):
users
twitter:214
files
file1: true
file2: true
twitter:469
files
file2: true
Your rule would then be:
".write": "root.child('users/'+auth.uid+'/files/file1').exists()"
这篇关于Firebase安全规则是否可以检查某人是否具有特定的访问权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!