[英]Security rules for posting to a user's subdirectory in Firebase
The following are my Firebase security rules: 以下是我的Firebase安全规则:
https://my-firebase.firebaseio.com/users/my-user-id.json
It works fine when my path ends with the users
directory. 当我的路径以
users
目录结尾时,它可以正常工作。 As in: 如:
https://my-firebase.firebaseio.com/users/my-user-id/settings.json
But when I try to post directly to a subdirectory, as follows: 但是,当我尝试直接发布到子目录时,如下所示:
https://my-firebase.firebaseio.com/users/my-user-id/settings.json
it doesn't work. 它不起作用。
What do I need to do to the security-rules.json file (or anything else) to be able to write directly to a user's subdirectory?
为了能够直接写入用户的子目录,我需要对security-rules.json文件(或其他任何文件)执行什么操作?
Edit: 编辑:
Someone suggested, "just extend your rule to include settings." 有人建议“将您的规则扩展到包括设置在内”。 So I tried this:
所以我尝试了这个:
{ "rules": { "users": { "$uid": { ".write": "auth.uid === $uid", ".read": "auth.uid === $uid" }, "settings": { ".write": "auth.uid === $uid", ".read": "auth.uid === $uid" } } } }
Which throws the following error: 这将引发以下错误:
9:30: Unknown variable '$uid'. 10:31: Unknown variable '$uid'.
This works in the simulator: 这在模拟器中有效:
{
"rules": {
"users": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid",
"settings": {
}
}
}
}
}
After further testing, I found the security rules contained in the OP also work in the simulator: 经过进一步测试后,我发现OP中包含的安全规则也可以在模拟器中使用:
{ "rules": { "users": { "$uid": { ".write": "auth.uid === $uid", ".read": "auth.uid === $uid" } } } }
There is no need to add additional rules for writing deeper into the node tree. 无需添加其他规则即可更深入地写入节点树。 The highest level permissions are sufficient.
最高级别的权限就足够了。
Aside: My problem appears to be something other than the security rules I'm using. 另外:我的问题似乎是我所使用的安全规则以外的问题。 I must do more research, experimentation and testing.
我必须做更多的研究,实验和测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.