[英]Python Firebase - User authentication?
I need some guidance with python and firebase. 我需要有关python和firebase的一些指导。 I'm trying to make some authentication rules, but I've hit a rough path. 我正在尝试制定一些身份验证规则,但是遇到了麻烦。
I'm building a db that is supposed to allow supervisors to see the information on the people they are in charge of and I want to restrict the access so they can only see the info regarding the people that has their name as Supervisor. 我正在建立一个数据库,该数据库应允许主管查看有关其主管人员的信息,并且我想限制访问权限,以便他们只能看到有关以主管身份命名的人员的信息。 Here is the example followed by the code: 这是代码后的示例:
name1 : John Paul - age : 34 - Department : IT - Supervisor : Peter M. name1 :John Paul- 年龄 :34- 部门 :IT- 主管 :Peter M.
name2 : Steve Dan - age : 40 - Department : Sells - Supervisor : Mike P. name2 :Steve Dan- 年龄 :40- 部门 :销售- 主管 :Mike P.
I want Mike P. to be able to check just the name(s) that have the Field Supervisor as Mike P. 我希望Mike P.能够仅检查具有字段主管作为Mike P的姓名。
This is what I have so far on the firebase rules: 到目前为止,这是我关于firebase规则的内容:
{
"rules": {
"people":{
"$supervisor":{
".read":"data.child($supervisor).child('Supervisor').val() === auth.super_name"
}}}}
But it does not work :'( It only works if I use an exact name (Ex: Steve Dan) and eliminate the variable $supervisor. 但这是行不通的:'(仅当我使用确切的名称(例如:史蒂夫·丹(Steve Dan))并消除了变量$ supervisor时,它才有效。
I will appreciate any help, tips, tricks, any thing. 我将不胜感激任何帮助,技巧,窍门。
EDIT: 编辑:
Your security rules should work if you remove .child($supervisor)
. 如果删除.child($supervisor)
则安全规则将起作用。 So: 所以:
{
"rules": {
"people":{
"$supervisor":{
".read":"data.child('Supervisor').val() === auth.super_name"
}}}}
However, it requires the super_name
to be set as part of the authentication. 但是,它要求将super_name
设置为身份验证的一部分。 Did you do so? 你这样做了吗?
You could try testing your security rules with the Simulator at the Firebase Dashboard first ( https://YourFirebase.firebaseio.com/?page=Simulator ). 您可以先在Firebase控制台( https://YourFirebase.firebaseio.com/?page=Simulator )上使用模拟器测试安全规则。 This way you can determine whether the problem is with your rules or with your Python code. 这样,您可以确定问题出在您的规则还是Python代码上。 Your 'Custom Auth' field would be { super_name: "Mike P." }
您的“自定义{ super_name: "Mike P." }
验证”字段为{ super_name: "Mike P." }
{ super_name: "Mike P." }
. { super_name: "Mike P." }
。
The naming of $supervisor
in the security rules is somewhat surprising. 安全规则中$supervisor
的命名有些令人惊讶。 Should this not be $person
, as it is a list of persons? 应该不是$person
,而是$person
列表吗?
Well thanks to the help of @Marein and @FrankvanPuffelen I manage to get it to work. 好吧,由于@Marein和@FrankvanPuffelen的帮助,我设法使其工作。 The Simulator was pretty helpful by the way. 顺便说一下,模拟器非常有用。
This is what I did: 这是我所做的:
my firebase authentication auth = firebase.FirebaseAuthentication(mySecret, None, extra = {'super_name':'Mike P.'})
我的auth = firebase.FirebaseAuthentication(mySecret, None, extra = {'super_name':'Mike P.'})
身份验证auth = firebase.FirebaseAuthentication(mySecret, None, extra = {'super_name':'Mike P.'})
my rules: 我的规则:
{
"rules": {
"workers":{
"$gender":{
"$worker":{
".read":"data.child('supervisor').val() === auth.super_name" }
}}}}
Now when "Mike P." 现在当“麦克P.” enters his name (and later a password, don't know how to do that yet), he only will be allowed to see the info on the workers whose supervisor is Himself. 输入他的名字(后来输入密码,还不知道该怎么做),他将只被允许查看有关其主管为自己的工人的信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.