Firebase read/write permission for certain users

I have a family, A, b, c, d, and A is the leader. We have an intruder, E. We only want b, c, d to read/write A's data.

ALL OF THESE letters (b, c, d, ...) will be the UIDs.

Here is what I have so far:

Everyone is authenticated with email. People send requests to A to be allowed in his group. If he accepts, they can read/write to his data.

Design for the Firebase database:

{
  "Leaders" : {
    "A" : {
      "ALLOWED" : {
        "b" : 0,
        "c" : 0,
        "d" : 0
      },
      "DATA" : {
        "blah blah1" : "content writable by bcd",
        "blah blah2" : "content writable by bcd"
      },
      "REQUESTS" : {
        "E" : 0
      }
    }
  }
}

I can use CRUD to move b, c, d, but how do I make the rules so that only people in ALLOWED can read/write data for each leader?

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null",
    "Leaders": {
      ".write": "$uid == ????"
    }
  }
}

Thanks for helping!

Should be a matter of checking if the node exists under the current leader:

{
  "rules": {
    "Leaders":{
      "$leaderuid": {
         ".write": "$leaderuid == auth.uid",
         "DATA": {
           ".write": "data.parent().child('ALLOWED').child(auth.uid).exists()"
         }
       }
    }
  }
}

Things I changed:

  • Remove the top-level read/write rules. Otherwise any authenticated user can read/write all data and you can never take that permission away at a lower level anymore.
  • The leader can write their entire node. I use auth.uid here as described in the documentation on securing user data.
  • A user can only write under DATA if their uid exists in the ALLOWED node.
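The cascade the answer warns about is easiest to see by evaluating both rule sets against the question's data. The block below is an added illustration, not Firebase's rule engine and not code from the question or the answer: it models rules as JavaScript predicates, walks the requested path from the root, and grants access at the first rule that evaluates to true, which is why a top-level "auth != null" can never be revoked lower down. The ".read" entries on the leader node and on DATA are an assumption of this example (the answer defines only ".write"; without a ".read" rule nobody can read), and the "leaky" rule set is a constructed variant that keeps the question's top-level rules above the answer's nested rules. It also checks two cases a defender would want: an intruder cannot add themselves to ALLOWED, and an unauthenticated request is denied because auth.uid cannot be evaluated.

```javascript
// Added illustration: a small model of Firebase Realtime Database rule cascading,
// used to check the accepted answer against the question's data. Not Firebase's
// engine; rules are JS predicates standing in for the rule-language strings.

// Constructed sample data, laid out as in the question.
const db = {
  Leaders: {
    A: {
      ALLOWED: { b: 0, c: 0, d: 0 },
      DATA: { 'blah blah1': 'content writable by bcd', 'blah blah2': 'content writable by bcd' },
      REQUESTS: { E: 0 },
    },
  },
};

// Walk the data tree; undefined means "no node here".
function nodeAt(root, segs) {
  let n = root;
  for (const s of segs) {
    if (n === null || typeof n !== 'object' || !(s in n)) return undefined;
    n = n[s];
  }
  return n;
}

// Stand-in for the rule-language `data` object with the three methods the answer uses.
class Snapshot {
  constructor(root, segs) { this.root = root; this.segs = segs; }
  child(name) { return new Snapshot(this.root, [...this.segs, String(name)]); }
  parent() { return new Snapshot(this.root, this.segs.slice(0, -1)); }
  exists() { return nodeAt(this.root, this.segs) !== undefined; }
}

// Evaluate a ".read" or ".write" request. Rules are checked from the root down the
// requested path; the first rule that evaluates to true grants access and deeper
// rules are never consulted (the cascade the answer warns about). A rule that
// throws (e.g. auth.uid on an unauthenticated request) counts as false, matching
// the deny-on-error behaviour of the real rules engine. Keys beginning with "$"
// are wildcards that bind the matched path segment (like $leaderuid above).
function isAllowed(rules, root, path, auth, kind) {
  const segs = path.split('/').filter(Boolean);
  const vars = {};
  let node = rules;
  for (let i = 0; i <= segs.length; i++) {
    const rule = node[kind];
    if (typeof rule === 'function') {
      let ok = false;
      try { ok = rule({ auth, vars, data: new Snapshot(root, segs.slice(0, i)) }) === true; } catch (e) { ok = false; }
      if (ok) return true;
    }
    if (i === segs.length) break;
    const seg = segs[i];
    if (Object.prototype.hasOwnProperty.call(node, seg) && typeof node[seg] === 'object') {
      node = node[seg];
    } else {
      const wildcard = Object.keys(node).find((k) => k.startsWith('$'));
      if (!wildcard) return false;          // no rule below this point: denied
      vars[wildcard] = seg;
      node = node[wildcard];
    }
  }
  return false;                             // no rule on the path said yes
}

// The accepted answer's rules as predicates. The ".read" entries are an added
// assumption (the answer defines only ".write").
const memberOfAllowed = ({ auth, data }) => data.parent().child('ALLOWED').child(auth.uid).exists();
const isLeader = ({ auth, vars }) => vars.$leaderuid === auth.uid;

const answerRules = {
  Leaders: {
    $leaderuid: {
      '.read': isLeader,
      '.write': isLeader,
      DATA: { '.read': memberOfAllowed, '.write': memberOfAllowed },
    },
  },
};

// Constructed variant keeping the question's top-level "auth != null" rules above
// the same nested rules, to show why the answer removes them.
const anyAuthenticated = ({ auth }) => auth !== null;
const leakyRules = { '.read': anyAuthenticated, '.write': anyAuthenticated, ...answerRules };

// Summarise who can write into A's DATA under a given rule set.
function whoCanWriteData(rules) {
  const out = {};
  for (const uid of ['A', 'b', 'E']) {
    out[uid] = isAllowed(rules, db, '/Leaders/A/DATA/blah blah1', { uid }, '.write');
  }
  return out;
}

console.log('answer rules:', whoCanWriteData(answerRules)); // { A: true, b: true, E: false }
console.log('leaky rules :', whoCanWriteData(leakyRules));  // { A: true, b: true, E: true }
```

Under the answer's rules only the leader can touch ALLOWED or REQUESTS, so accepting a request stays a leader-only action; members b, c, d reach DATA and nothing else. Adding the top-level rules back lets E write DATA regardless of the nested checks, which is the behaviour the first bullet of the answer describes.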
