我无法在文档中找到它,但是有没有办法定义一组用户,并使用该组授予对不同位置的访问权限,而不是授予个人用户访问权限?
问候, LT
解决方案因为你可以很容易地代表他们。这里有两个选项,取决于你的情况。
在firebase中存储组信息以下数据可能被用来代表2个组('alpha'和'beta')和3个受保护的数据('thing1','thing2'和'thing3') <$ p groups:{alpha:{joe:true,sally:true beta:{joe:true,fred:true } },data: {thing1:{group:alpha / *只能由alpha组访问数据* / },thing2 :{group:beta / *只能由beta组访问的数据* / },thing3:{ group:alpha / *alpha组可以访问更多的数据* / } } } 然后,我们可以使用以下规则来执行安全性: $ b {rules:{data:{$ thing:{.read :root.child('groups')。child(data.child('group').val())。hasChild(auth.id),.write:root.child hasChild(auth.id)} } } } $ b('group')。child(data.child('group')。那么如果我使用{id:'sally'}进行身份验证作为我的身份验证对象,那么我将会使用{$ b $ / code>
$ b>
有权访问thing1和thing3,而不是thing2。
在auth令牌中存储组信息您正在生成自己的身份验证令牌,并且您知道用户在进行身份验证时所处的组,您可以将组列表存储在您生成的身份验证令牌中。例如,为用户'fred'生成授权令牌时,请包括{id:'fred',groups:{alpha:true,beta:true}} < $ b
{rules:{数据:{$ thing:{.read:auth [data.child('group').val()]!= null,。写:auth [data.child('group').val()]!= null} } } }
I couldn't find it in the docs but is there a way to define a group of users and use that group to grant access to different locations, rather than granting access to individual users?
Regards, LT
解决方案There's no explicit support for "groups" in Firebase, because you can represent them yourself quite easily. Here are two options, depending on your situation.
Storing group information in firebase.The following data could be used to represent 2 groups ('alpha' and 'beta') and 3 pieces of protected data ('thing1', 'thing2', and 'thing3')
{ "groups": { "alpha": { "joe": true, "sally": true }, "beta": { "joe": true, "fred": true } }, "data": { "thing1": { "group": "alpha" /* data accessible only by the "alpha" group */ }, "thing2": { "group": "beta" /* data accessible only by the "beta" group */ }, "thing3": { "group": "alpha" /* more data accessible by the "alpha" group */ } } }Then we can use the following rules to enforce security:
{ "rules": { "data": { "$thing": { ".read": "root.child('groups').child(data.child('group').val()).hasChild(auth.id)", ".write": "root.child('groups').child(data.child('group').val()).hasChild(auth.id)" } } } }So then if I'm authenticated with { id: 'sally' } as my auth object, I'll have access to thing1 and thing3, but not thing2.
Storing group information in the auth token.If you're generating your own auth tokens and you know what groups a user is in at the time they auth, you could store the list of groups in the auth token you generate. For example, when you generate the auth token for user 'fred', include "{ id: 'fred', groups: { alpha: true, beta: true } }"
And then you can enforce group membership with:
{ "rules": { "data": { "$thing": { ".read": "auth[data.child('group').val()] != null", ".write": "auth[data.child('group').val()] != null" } } } }
更多推荐
将访问Firebase位置授予一组用户
发布评论