发布到Firebase中用户子目录的安全规则

Question

The following are my Firebase security rules:

security-rules.json

https://my-firebase.firebaseio.com/users/my-user-id.json

It works fine when my path ends with the users directory. As in:

https://my-firebase.firebaseio.com/users/my-user-id/settings.json

But when I try to post directly to a subdirectory, as follows:

 https://my-firebase.firebaseio.com/users/my-user-id/settings.json 

it doesn't work.

Question

What do I need to do to the security-rules.json file (or anything else) to be able to write directly to a user's subdirectory?

Edit:

Someone suggested, "just extend your rule to include settings." So I tried this:

security-rules.json

 { "rules": { "users": { "$uid": { ".write": "auth.uid === $uid", ".read": "auth.uid === $uid" }, "settings": { ".write": "auth.uid === $uid", ".read": "auth.uid === $uid" } } } } 

Which throws the following error:

 9:30: Unknown variable '$uid'. 10:31: Unknown variable '$uid'. 

Answer 1

This works in the simulator:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid",
        "settings": {
        }
      }
    }
  }
}

Answer 2

After further testing, I found the security rules contained in the OP also work in the simulator:

security-rules.json

 { "rules": { "users": { "$uid": { ".write": "auth.uid === $uid", ".read": "auth.uid === $uid" } } } } 

There is no need to add additional rules for writing deeper into the node tree. The highest level permissions are sufficient.

Aside: My problem appears to be something other than the security rules I'm using. I must do more research, experimentation and testing.