有关 Firebase 实时数据库身份验证规则的问题
[英]Questions on Firebase realtime database auth rules
问题描述
I am coding a microblogging site on Firebase, to which I am very new.
我正在 Firebase 上编写一个微博网站,我对此很陌生。 I am storing user information (eg introduction, profile pictures) and posts the users write like below structure:我正在存储用户信息(例如介绍、个人资料图片)并发布用户写的如下结构:
{
"posts" : {
"postid" : {
"category": "xx",
"content": "xx",
"uid":"xx"
}
},
"users" : {
"uid" : {
"intro" : "xx",
"nickname" : "xx",
"profile_picture" : "xx"
}
}
}
I'd like make following rules:我想制定以下规则:
Any signed-in users will be able to post, but only will be able to edit their own posts afterwards
任何登录的用户都可以发帖,但之后只能编辑自己的帖子For user info, they will only be able to post/edit their own.
对于用户信息,他们只能发布/编辑自己的信息。
I set the database security rules like below.我设置了如下的数据库安全规则。
"users": {
".read": true,
"$uid": {
".write": "auth.uid===$uid"
},
},
"posts": {
".read": true,
".write": "auth!==null",
},
Here are a couple of issues:这里有几个问题:
a.一种。 This rule will enable any bad user to edit any other post that is not his/her own.此规则将允许任何不良用户编辑不属于他/她自己的任何其他帖子。
b.湾When trying to write to users node, there is no existing UID child node at the moment and the users are denied permission to write.尝试写入用户节点时,目前没有现有的 UID 子节点,用户被拒绝写入权限。
How can I change the database rules to solve the two issues?如何更改数据库规则以解决这两个问题? My preference is doing so without rewriting the front-end code or change the database structure...would love to seek some advice here!我的偏好是这样做而不重写前端代码或更改数据库结构......很想在这里寻求一些建议!
1 个解决方案
解决方案1
0 已采纳 2020-01-13 17:59:09
To only allow users to write their own posts (or create new posts with their own UID), you can check the value of the uid field in write operations:要只允许用户写自己的帖子(或使用自己的 UID 创建新帖子),您可以在写操作中检查uid字段的值:
"posts": {
".read": true,
".write": "auth !== null && auth.uid === newData.child('uid').val",
},
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.