具有用户角色的FireBase安全规则
[英]FireBase Security Rules with User roles
问题描述
First off, I've previously researched this and I have referenced a previous question. 
首先,我之前已经研究过这个问题,并且已经参考了之前的问题。 I have done what is stated in this question with no positive result. 我已经完成了这个问题中所说的,没有取得积极的结果。
Firebase: set security rules depending on user roles
I am using: 我在用:
Angular JS
Firebase
AngularFire -- Integrate Firebase with AngularJS
E-mail and Password Firebase Authentication
I have a node in Firebase for my users: 我的用户在Firebase中有一个节点:
"users" : {
"simplelogin:49" : {
"email" : "myemail@something.com",
"full_name" : "First Last",
"roles" : {
"administrator" : true
}
},
"simplelogin:64" : {
"email" : "me@me.com",
"full_name" : "first last",
"roles" : {
"administrator" : false
}
}
}
I am trying to add an entry in my clients table while being logged into the simplelogin:49 that as you can see is an administrator. 我正在尝试登录到simplelogin:49时在我的客户表中添加一个条目,如您所见,它是管理员。
// Create the Client
var clientRef = firebaseUrl+'clients';
var clientsListRef = new Firebase(clientRef);
clientsListRef.push({
'uid': userData.uid,
'number': cl.number,
'company': cl.company,
'full_name': cl.full_name,
'email': cl.email,
'phones': {
'primary': cl.phones.primary,
'cell': cl.phones.cell,
'alte': cl.phones.alte
},
'addresses': {
'billing': {
'line1': cl.addresses.billing.line1,
'line2': cl.addresses.billing.line2,
'city' : cl.addresses.billing.city,
'state': cl.addresses.billing.state,
'zip' : cl.addresses.billing.zip
},
'shipping': {
'line1': cl.addresses.shipping.line1,
'line2': cl.addresses.shipping.line2,
'city' : cl.addresses.shipping.city,
'state': cl.addresses.shipping.state,
'zip' : cl.addresses.shipping.zip
}
}
});
I have set up some rules in Firebase for the clients node and they are as follows: 我在Firebase中为clients节点设置了一些规则,这些规则如下:
"clients": {
"$auth": {
".write": "root.child('users').child('$auth.uid').child('roles').child('administrator').val() === true"
}
}
I've also tried this for rules: 我也尝试过此规则:
"clients": {
".write": "root.child('users').child('auth.uid').child('roles').child('administrator').val() === true"
}
All I get when I run this and it all gets put together is a permission denied error. 运行此命令后得到的所有结果都是权限被拒绝错误。 If I run it in the Firebase Simulator, this is the result: 如果我在Firebase Simulator中运行它,则结果如下:
Attempt to write Success({"user":"Test"}) to /clients with auth=Success({"id":49,"provider":"password","uid":"simplelogin:49"})
/
/clients:.write: "root.child('users').child('auth.uid').child('roles').child('administrator').val() === true"
=> false
No .write rule allowed the operation.
Write was denied.
I would just like to know what I'm missing. 我只想知道我所缺少的。 The person in the question says he/she was successful in their ventures. 问题中的人说他/她在他们的事业中成功。
1 个解决方案
解决方案1
0 2017-09-04 15:08:31
First things first, you should use the Firebase Authentication user id that is automatically generated for each user. 首先,您应该使用为每个用户自动生成的Firebase身份验证用户ID。 You will have to look at the AngularFire documentation on how to access the authenticated user id, but usually its something along the lines of: 您将不得不查看AngularFire文档,以了解如何访问经过身份验证的用户ID,但通常情况如下:
firebase.auth().currentUser().uid
Then, once you have created the user with that id as the name of the dictionary like so: 然后,一旦创建了具有该ID作为字典名称的用户,如下所示:
"users" : {
"Rx6H4mjwwgVo6UKy2vSuOD5dTwk2" : {
"email" : "myemail@something.com",
"full_name" : "First Last",
"roles" : {
"administrator" : true
}
},
"U1x3narB2AQQ0FvMxu7RVQAxb7A2" : {
"email" : "me@me.com",
"full_name" : "first last",
"roles" : {
"administrator" : false
}
}
}
you can use the auth.uid variable in the Firebase Database Security Rules to get their user id: 您可以在Firebase数据库安全规则中使用auth.uid变量获取其用户ID:
"rules" : {
"clients": {
".write": "root.child('users').child(auth.uid).child('roles').child('administrator').val() == true"
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.