堆栈内存溢出
  简体   繁体   English

实时数据库规则问题

[英]Realtime database rules issues

 原文  2020-08-21 12:37:48       android/ firebase-realtime-database/ firebase-security

问题描述

Have a DB with a coaches path.有一个带教练路径的数据库。 Trying to secure with rules.试图用规则保护。 So read below is only allowed if they auth matches they one the user signed in with.因此,只有当他们的身份验证与登录用户匹配时,才允许阅读下面的内容。 If I test this in the rules playground it passes.如果我在规则操场上测试它,它就会通过。

 {
      "rules": {
        "Coaches": {
          ".indexOn": "coachEmail",
            "$uid":{
               ".read": "$uid==auth.uid",
            }

But in my app it does not work get the error in logcat Listen at /Coaches failed: DatabaseError: Permission denied What might the issue be?但是在我的应用程序中它不起作用在 logcat Listen at /Coaches failed: DatabaseError: Permission denied 中出现错误可能是什么问题? Could be an error in the code where the database gets queried?可能是查询数据库的代码中的错误?

//Query the database to get the current user
        Query query = databaseReference.orderByChild("coachEmail").equalTo(user.getEmail());
        query.addValueEventListener(new ValueEventListener() {

UPDATE:更新:

 "rules": {
    "Coaches": {
      ".indexOn": "coachEmail",
        "$uid":{
           ".read": "auth.uid == $uid",
                    ".write": "auth.uid == $uid" 
        }

This passes in the rules playground这在规则操场上通过

Type    read
Location    /Coaches/R6qhJIyLw9S6tI5llmuBhRvWWhn1
Data    null
Auth    { "provider": "anonymous", "uid": "R6qhJIyLw9S6tI5llmuBhRvWWhn1" }
Admin   false

Whenever I run my app I get the following error每当我运行我的应用程序时,我都会收到以下错误

Listen at /Coaches failed: DatabaseError: Permission denied

Not sure what the issue could be不确定可能是什么问题

1 个解决方案

解决方案1
 1  2020-08-21 14:59:56

Security rules do not filter your data in any way. 安全规则不会以任何方式过滤您的数据 They merely ensure that any operation your code performs against the database is allowed according to your rules.它们只是确保根据您的规则允许您的代码对数据库执行的任何操作。

Your code tries to load /Coaches , so the rules check if the user has read permission on /Coaches .您的代码尝试加载/Coaches ,因此规则会检查用户是否具有对/Coaches的读取权限。 Since they don't, the read operation is rejected.因为他们不这样做,所以读取操作被拒绝。

The only read operation that is allowed by your current rules is:当前规则允许的唯一读取操作是:

databaseReference.child(user.getUid())...

Since you want to allow a query where the user specifies their own email address, you should update your rules to check for such a query too.由于您希望允许用户指定他们自己的 email 地址的查询,因此您也应该更新规则以检查此类查询。 As shown in the documentation on securely querying data , that'd be something like:安全查询数据文档中所示,它类似于:

"Coaches": {
  ...
  ".read": "auth.uid != null &&
            query.orderByChild == 'coachEmail' &&
            query.equalTo == auth.token.email"
  ...
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Firebase 实时数据库规则 - Firebase realtime database rules 规则实时数据库 - Rules realtime database 实时数据库规则未按预期工作 - Realtime Database Rules not working as expected Firestore 实时数据库身份验证规则 - Firestore Realtime Database authentication rules Firebase 实时数据库新数据规则 - Firebase Realtime Database newData Rules Firebase 实时数据库规则有问题 - Problem with Firebase Realtime Database rules Firebase 实时数据库规则被拒绝权限 - Firebase Realtime Database Rules Denied Permission Firebase 实时数据库规则检查数组包含 - Firebase Realtime Database Rules checking for array contains 数据验证问题 Firebase 实时数据库规则 - Data validation issue Firebase RealTime Database rules Firebase 实时数据库:Google 警告写入规则 - Firebase Realtime Database: Google warning for write rules
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM