我正在使用Firebase实时数据库。 我有以下数据:
我也有规则:
{ "rules": { ".read": "auth != null", ".write": "auth != null", "chat": { "$key": { ".read": "data.child('memberId1').val() === auth.uid && data.child('memberId2').val() === auth.uid", ".write": "data.child('memberId1').val() === auth.uid || data.child('memberId2').val() === auth.uid" } },最初的规则非常有效:
".read": "auth != null", ".write": "auth != null",问题
以下2条规则无效。
"chat": { "$key": { ".read": "data.child('memberId1').val() === auth.uid && data.child('memberId2').val() === auth.uid", ".write": "data.child('memberId1').val() === auth.uid || data.child('memberId2').val() === auth.uid" } },正如您所看到的,为了测试这些规则,在第一条规则中,我已经使memberId1和memberId2的不可能条件都等于用户uid 。 结果我希望它失败。
如果我删除:
".read": "auth != null", ".write": "auth != null",并且只有:
"chat": { "$key": { ".read": "data.child('memberId1').val() === auth.uid || data.child('memberId2').val() === auth.uid", ".write": "data.child('memberId1').val() === auth.uid || data.child('memberId2').val() === auth.uid" } },然后访问被拒绝。 即使我将其更改为:
"data.child('memberId1').val() === 'h6qQg5YfQveTaCyBEXwDMSJPqwk1'以下内容也被否认:
"chat": { "Ko7w9XTtuRVN4p6CMp7": { ".read": true,题
我应该如何构造规则以允许用户只访问其uid与memberId1或memberId2匹配的行?
谢谢
UPDATE
我有以下代码:
findChats(): Observable<any[]> { return this.af.database.list('/chat/', { query: { orderByChild: 'negativtimestamp' } }).map(items => { const filtered = items.filter( item => (item.memberId1 === this.me.uid || item.memberId2 === this.me.uid) ); return filtered; }); }我的问题与此类似。 我尝试以下但没有成功:
{ "rules": { "chat": { "$id": { ".read": true } },I am using a Firebase Realtime Database. I have the following data:
I also have the rules:
{ "rules": { ".read": "auth != null", ".write": "auth != null", "chat": { "$key": { ".read": "data.child('memberId1').val() === auth.uid && data.child('memberId2').val() === auth.uid", ".write": "data.child('memberId1').val() === auth.uid || data.child('memberId2').val() === auth.uid" } },The initial rule works perfectly:
".read": "auth != null", ".write": "auth != null",Problem
The following 2 rules have no effect.
"chat": { "$key": { ".read": "data.child('memberId1').val() === auth.uid && data.child('memberId2').val() === auth.uid", ".write": "data.child('memberId1').val() === auth.uid || data.child('memberId2').val() === auth.uid" } },As you can see, in order to test these rules, in the first rule, I have made an impossible condition of memberId1 and memberId2 both equal to the users uid. As a result I would expect it to fail.
If I remove:
".read": "auth != null", ".write": "auth != null",and just have:
"chat": { "$key": { ".read": "data.child('memberId1').val() === auth.uid || data.child('memberId2').val() === auth.uid", ".write": "data.child('memberId1').val() === auth.uid || data.child('memberId2').val() === auth.uid" } },Then access is denied. Even if I change it to:
"data.child('memberId1').val() === 'h6qQg5YfQveTaCyBEXwDMSJPqwk1'The following is also denied:
"chat": { "Ko7w9XTtuRVN4p6CMp7": { ".read": true,Question
How should I structure the rules to allow that a user may only access a row where their uid matches either memberId1 or memberId2?
Thanks
UPDATE
I have the following code:
findChats(): Observable<any[]> { return this.af.database.list('/chat/', { query: { orderByChild: 'negativtimestamp' } }).map(items => { const filtered = items.filter( item => (item.memberId1 === this.me.uid || item.memberId2 === this.me.uid) ); return filtered; }); }My question is similar to this one. I try the following with no success:
{ "rules": { "chat": { "$id": { ".read": true } },最满意答案
Firebase规则是原子的。 因此,如果您尝试阅读/chat (这就是您当前正在做的事情),它只会检查/chat分支规则。 由于你在/chat没有任何规则,因此默认情况下不会提供访问权限。 因此,只有在您尝试阅读/chat/chatId才会评估您的规则。
您可以采用的一种可能解决方案是存储每个用户所属的聊天列表。 因此,您可以保留当前的聊天分支,但使用以下结构将另一个分支存储在数据库中:
user_chats: { uid1: { chatId1: true, chatId2: false } uid2: ... }和规则:
"user_chats": { "$uid": { ".read": "auth.uid === $uid", ".write": "auth.uid === $uid" } }然后你可以像你已经拥有它们一样保留你的chat规则,但首先从/user_chats/uid获取数据,然后为每个chatId检索你,你需要阅读chat/chatId 。
Firebase rules are atomic. So if you try to read /chat (and thats what you are currently doing) it will only check the /chat branch rules. Since you dont have any rule in /chat it goes for the default thats is not giving access. Therefore, your rules would only be evaluated in case you were trying to read /chat/chatId.
One possible solution you could go for is to store a list of chats which each user is part of. So you can keep your current chat branch but store another branch in the database with the following structure:
user_chats: { uid1: { chatId1: true, chatId2: false } uid2: ... }And rules:
"user_chats": { "$uid": { ".read": "auth.uid === $uid", ".write": "auth.uid === $uid" } }Then you could keep your chat rules like you already have them but first get the data from /user_chats/uid and then for each chatId retrieved you you will need to read on chat/chatId.
更多推荐
发布评论