堆栈内存溢出
  简体   繁体   English

Firebase安全规则不起作用

[英]Firebase security rules not works

 原文  2017-08-22 00:46:42       javascript/ firebase/ firebase-realtime-database/ firebase-authentication/ firebase-security

问题描述

I am using Firebase Authentification in an Web application, and I am using Phone Number authentification as an option to sign in the application. 我在Web应用程序中使用Firebase身份验证,并且在使用电话号码身份验证作为登录应用程序的选项。 

function saveUser(fname) {
    var user = firebase.auth().currentUser;
    var newUserRef = firebase.database().ref('users/' + user.uid);
    newUserRef.set({
        fname: fname
    });
}

Under the following database rules: 根据以下数据库规则: 

{
  "rules" : {
    ".read"  : false,
    ".write" : false,
    // only authenticated users can write
    "users": {
      ".read": "auth != null",
      "$user_id": {
          "fname": {
            ".read": "auth != null",
            ".write": "auth != null",
            ".validate": "newData.isString() && newData.val().matches(/^[A-Z]{3,}$/)"
          },
      }
    }
  }
}

However, I keep getting the error: 但是,我不断收到错误:

FIREBASE WARNING: set at /users/ypGXpJRM1wdMOuOMf8F7quLnJ073 failed: permission_denied FIREBASE警告:设置为/ users / ypGXpJRM1wdMOuOMf8F7quLnJ073失败:Permission_denied

Is there a way to avoid this error without changing the rules? 有没有办法在不更改规则的情况下避免此错误?

2 个解决方案

解决方案1
 3 已采纳  2017-08-22 06:24:39

The first level where your rules allow writing is in /users/$uid/fname . 您的规则允许写入的第一级位于/users/$uid/fname But your code tries to write to /users/$uid . 但是您的代码尝试写入/users/$uid Since you don't have write permission there, the database rejects the write operation. 由于您那里没有写许可权,因此数据库拒绝写操作。

You have two options to solve this: allow writes to /users/$uid , or write to /users/$uid/fname . 您可以通过以下两种方法解决此问题:允许写入/users/$uid或写入/users/$uid/fname

Allow writes to /users/$uid 允许写入/users/$uid

To allow writes to /users/$uid change your rules to: 要允许写入/users/$uid请将规则更改为: 

"users": {
  ".read": "auth != null",
  "$user_id": {
      ".write": "auth != null",
      "fname": {
        ".read": "auth != null",

In fact, you'll likely want to ensure a user can only write their own node, which you do with: 实际上,您可能希望确保用户只能编写自己的节点,您可以这样做: 

"users": {
  ".read": "auth != null",
  "$user_id": {
      ".write": "auth.uid === $uid",
      "fname": {
        ".read": "auth != null",

Write to /users/$uid/fname 写入/users/$uid/fname

Your current write code tries to write to a place where you don't have permission. 您当前的写代码试图写到您没有权限的地方。 Since you are only writing the fname , you can also write to that specific location to get rid of the error: 由于您只写fname ,因此您也可以写到该特定位置以消除错误: 

var newUserRef = firebase.database().ref('users/' + user.uid);
newUserRef.child('fname').set(fname);

Given the data structure I'd probably go for modifying the security rules. 给定数据结构,我可能会去修改安全规则。

解决方案2
 0  2017-08-22 01:02:52

These rules are blocking all access: 这些规则阻止了所有访问: 

".read"  : false,
".write" : false,

You can easily test your db security rules in Firebase database rule simulator tool. 您可以在Firebase数据库规则模拟器工具中轻松测试数据库安全规则。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Firebase安全规则不起作用 - The Firebase security rules not works Firebase 读取安全规则 - Firebase read security rules firebase-安全规则REST - firebase - security rules REST Firebase安全规则自定义字段 - Firebase security rules custom field 具有用户角色的FireBase安全规则 - FireBase Security Rules with User roles Firebase 安全规则未显示任何数据 - No data displayed with Firebase Security Rules Firestore 数据库安全规则仅适用于模拟器 - Firestore database security rules only works in simulator Firebase安全规则检查阵列长度 - Firebase security rules to check array length Firebase安全规则中的用户和组权限 - User and group permissions in firebase security rules Firebase安全规则在v3中的行为有所不同 - Firebase security rules acting differently in v3
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM