[英]Firebase read/write permission for certain users
I have a family, A, b, c, d , and A is the leader. 我有一个家庭, A,b,c,d ,并且A是领导者。 We have an intruder, E .
我们有一个入侵者E。 We only want b, c, d to read/write A's data.
我们只希望b,c,d读/写A的数据。
ALL OF THESE letters (b, cd,...) will be the UID's 所有这些字母(b,cd,...)将是UID的
Here is what I have so far: 这是我到目前为止的内容:
Everyone is authenticated with email. 每个人都通过电子邮件进行身份验证。 People send requests to A to be allowed in his group.
人们向A发送请求以允许其进入组。 If he accepts, they can read/write to his.
如果他接受,他们可以对其进行读/写操作。
Design for database Firebase 数据库Firebase设计
{
"Leaders" : {
"A" : {
"ALLOWED" : {
"b" : 0,
"c" : 0,
"d" : 0
},
"DATA" : {
"blah blah1" : "content writable by bcd",
"blah blah2" : "content writable by bcd"
},
"REQUESTS" : {
"E" : 0
}
}
}
}
I can use CRUD to move the b, c, d but how do I make the rules so that it follows that only people in the ALLOWED can read/write data for each leader? 我可以使用CRUD来移动b,c,d,但是如何制定规则,以便只有ALLOWED中的人才能为每个领导者读写数据?
{
"rules": {
".read": "auth != null",
".write": "auth != null"
"Leaders":{
".write": "$uid == ????"
}
}
}
Thanks for helping! 感谢您的帮助!
Should be a matter of checking if the node exists under the current leader: 应该检查节点是否存在于当前领导者的下面:
{
"rules": {
"Leaders":{
"$leaderuid": {
".write": "$leaderuid == auth.uid",
"DATA": {
".write": "data.parent().child('ALLOWED').child(auth.uid).exists()"
}
}
}
}
}
Things I changed: 我改变的事情:
auth.uid
here as described in the documentation on securing user data . auth.uid
,如保护用户数据的文档所述。 DATA
if their uid exists in the ALLOWED
node. ALLOWED
节点中,则用户只能在DATA
下写入。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.