简体   繁体   English

Python Firebase-用户身份验证?

[英]Python Firebase - User authentication?

I need some guidance with python and firebase. 我需要有关python和firebase的一些指导。 I'm trying to make some authentication rules, but I've hit a rough path. 我正在尝试制定一些身份验证规则,但是遇到了麻烦。

I'm building a db that is supposed to allow supervisors to see the information on the people they are in charge of and I want to restrict the access so they can only see the info regarding the people that has their name as Supervisor. 我正在建立一个数据库,该数据库应允许主管查看有关其主管人员的信息,并且我想限制访问权限,以便他们只能看到有关以主管身份命名的人员的信息。 Here is the example followed by the code: 这是代码后的示例:

name1 : John Paul - age : 34 - Department : IT - Supervisor : Peter M. name1 :John Paul- 年龄 :34- 部门 :IT- 主管 :Peter M.

name2 : Steve Dan - age : 40 - Department : Sells - Supervisor : Mike P. name2 :Steve Dan- 年龄 :40- 部门 :销售- 主管 :Mike P.

I want Mike P. to be able to check just the name(s) that have the Field Supervisor as Mike P. 我希望Mike P.能够仅检查具有字段主管作为Mike P的姓名。

This is what I have so far on the firebase rules: 到目前为止,这是我关于firebase规则的内容:

{
"rules": {
  "people":{
    "$supervisor":{
    ".read":"data.child($supervisor).child('Supervisor').val() === auth.super_name"
}}}}

But it does not work :'( It only works if I use an exact name (Ex: Steve Dan) and eliminate the variable $supervisor. 但这是行不通的:'(仅当我使用确切的名称(例如:史蒂夫·丹(Steve Dan))并消除了变量$ supervisor时,它才有效。

I will appreciate any help, tips, tricks, any thing. 我将不胜感激任何帮助,技巧,窍门。


EDIT: 编辑:

在此处输入图片说明

Your security rules should work if you remove .child($supervisor) . 如果删除.child($supervisor)则安全规则将起作用。 So: 所以:

{
"rules": {
  "people":{
    "$supervisor":{
    ".read":"data.child('Supervisor').val() === auth.super_name"
}}}}

However, it requires the super_name to be set as part of the authentication. 但是,它要求将super_name设置为身份验证的一部分。 Did you do so? 你这样做了吗?

You could try testing your security rules with the Simulator at the Firebase Dashboard first ( https://YourFirebase.firebaseio.com/?page=Simulator ). 您可以先在Firebase控制台( https://YourFirebase.firebaseio.com/?page=Simulator )上使用模拟器测试安全规则。 This way you can determine whether the problem is with your rules or with your Python code. 这样,您可以确定问题出在您的规则还是Python代码上。 Your 'Custom Auth' field would be { super_name: "Mike P." } 您的“自定义{ super_name: "Mike P." }验证”字段为{ super_name: "Mike P." } { super_name: "Mike P." } . { super_name: "Mike P." }

The naming of $supervisor in the security rules is somewhat surprising. 安全规则中$supervisor的命名有些令人惊讶。 Should this not be $person , as it is a list of persons? 应该不是$person ,而是$person列表吗?

Well thanks to the help of @Marein and @FrankvanPuffelen I manage to get it to work. 好吧,由于@Marein和@FrankvanPuffelen的帮助,我设法使其工作。 The Simulator was pretty helpful by the way. 顺便说一下,模拟器非常有用。

This is what I did: 这是我所做的:

my firebase authentication auth = firebase.FirebaseAuthentication(mySecret, None, extra = {'super_name':'Mike P.'}) 我的auth = firebase.FirebaseAuthentication(mySecret, None, extra = {'super_name':'Mike P.'})身份验证auth = firebase.FirebaseAuthentication(mySecret, None, extra = {'super_name':'Mike P.'})

my rules: 我的规则:

{
"rules": {
  "workers":{
      "$gender":{
        "$worker":{
          ".read":"data.child('supervisor').val() === auth.super_name" }
        }}}}

Now when "Mike P." 现在当“麦克P.” enters his name (and later a password, don't know how to do that yet), he only will be allowed to see the info on the workers whose supervisor is Himself. 输入他的名字(后来输入密码,还不知道该怎么做),他将只被允许查看有关其主管为自己的工人的信息。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM