Firebase中的安全规则
[英]Security rules in Firebase
问题描述
I've database structure like 
我的数据库结构像
appointments
[$userId]
[$appointmentId]
message:"something"
date:"14/12/2015"
users
[$userId]
name: Hardik
email: hardikmsondagar@gmail.com
And I'm using angularfire library of Firebase, I'm trying to restrict read operation based on uid ( means a person who created appointment only can read that). 我正在使用Firebase的angularfire库,我试图限制基于uid的读取操作(这意味着创建约会的人只能读取该内容)。 I've tried following security rule 我尝试遵循安全规则
{
"rules": {
"appointments": {
"$userId":{
"$appointmentId":{
".read": "auth.uid==$userId",
".write": true
}
}
},
"users": {
"$userId":
{
".read": "auth!=null && $userId === auth.uid",
".write": "auth!=null && $userId === auth.uid"
}
}
}
But end up on this error Error: permission_denied: Client doesn't have permission to access the desired data. 但是最终出现此错误错误:permission_denied:客户端没有访问所需数据的权限。
I'm trying to access all the user's appointments using following code 我正在尝试使用以下代码访问所有用户的约会
var ref = new Firebase("https://<FIREBASE-APP>.firebaseio.com/appointments/"+uid);
$scope.appointments = $firebaseArray(ref);
1 个解决方案
解决方案1
2 已采纳 2015-12-20 18:36:52
Set rules for the $uid wildcard, to read all the children. 为$uid通配符设置规则,以读取所有子代。
"appointments": {
"$uid":{
".read": "auth.uid == $uid",
".write": "auth.uid == $uid",
}
}
The $uid wildcard sets permissions for the entire list, whereas the $appointmentId wildcard sets permissions for each individual item. $uid通配符设置整个列表的权限,而$appointmentId通配符设置每个单独项目的权限。
But Security Rules cascade, so you only need to set the rules for the top level. 但是安全规则会级联,因此您只需要为顶层设置规则。
Read the docs on cascading for more information. 阅读有关级联的文档以获取更多信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.