堆栈内存溢出
  简体   繁体   English

Firebase 规则,如果用户单击他的个人资料,则用户可以编辑另一个用户的数据

[英]Firebase rules in which a user can edit data of another user if he clicked on his profile

 原文  2022-06-07 04:50:38       android/ firebase-realtime-database/ firebase-security

问题描述

I have developed an app using firebase realtime database.我使用 firebase 实时数据库开发了一个应用程序。 In the app, if eg user 1 clicks on the profile of user 2 then the data of user 2 would be changed.在应用程序中,如果例如用户 1 单击用户 2 的个人资料,则用户 2 的数据将被更改。 User 1 can only change the data of other users if he clicks on their profiles.用户 1 只有单击其他用户的个人资料才能更改其他用户的数据。 I have written some rules to secure my database but these rules won't allow user 1 to change the data of other users if he clicks on their profile.我已经编写了一些规则来保护我的数据库,但这些规则不允许用户 1 在单击其他用户的个人资料时更改其他用户的数据。 You help will be highly appreciated.您的帮助将不胜感激。 Thank You Below is my code: Firebase Rules谢谢 下面是我的代码: Firebase 规则Firebase 规则 Database Structure数据库结构

我的数据库结构

Java Code which will change user data if his profile is clicked Java 如果点击他的个人资料将更改用户数据的代码

  holder.itemView.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {

               dRef.child(modelClass.get(position).userID).child("showGigCount").setValue(modelClass.get(position).getShowGigCount()-1); // this will decrease showGigCount for clicked users
                dRef.child(modelClass.get(position).getUserID()).child("clicksOnProfile").setValue(modelClass.get(position).getClicksOnProfile()+1); // this will increase clicksOnProfile for clicked users
                dRef.child(modelClass.get(position).getUserID()).child("lifeTimeClicksOnProfile").setValue(modelClass.get(position).getLifeTimeClicksOnProfile()+1); // this will increase clicksOnProfile for clicked users

1 个解决方案

解决方案1
 1 已采纳  2022-06-07 12:38:57

It sounds like you want to allow certain properties to be modified by all users, which you can do with:听起来您想允许所有用户修改某些属性,您可以这样做:

...
"$user_id": {
  ".write": "auth != null && $user_id === auth.uid",
  "showGigCount": {
    ".write": "auth != null"
  },
  "clicksOnProfile": {
    ".write": "auth != null"
  },
  "lifeTimeClicksOnProfile": {
    ".write": "auth != null"
  },
}
...

The added rules give permission to write the lower level properties, while your original write rules on $user_id still rejects writing other properties of the user.添加的规则允许写入较低级别的属性,而您在$user_id上的原始写入规则仍然拒绝写入用户的其他属性。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 用户仅创建和编辑其数据的 Firestore 规则 - Firestore Rules for a user to create and edit his data only Firebase规则:从哪里可以找到一个id所属的用户? - Firebase rules: where can I find the user to which a id belongs to? Firebase Auth UI:是否有一个 UI 可以让用户编辑他们的个人资料? - Firebase Auth UI: Is there an UI to let user edit their profile? 如何使用规则禁止 Firebase 实时数据库中的用户? - How can I ban a User in Firebase realtime Database using the rules? 单个用户可以在 Firebase 身份验证中将多个电话号码链接到他的帐户吗? - Can a single user have multiple phone numbers linked to his account in Firebase auth? Firebase 基于自定义用户字段的安全规则 - Firebase security rules based on custom user field Flutter - 使用提供商 package 监听 Firebase 用户的用户配置文件 (Firestore) 中的数据更改 - Flutter - Listening for data changes in user profile (Firestore) of Firebase user using provider package 用户即使获得授权也无法写入 Firestore 数据库 - User can't write to Firestore database even though he is authorized Firebase 云存储:我可以根据规则测试经过身份验证的用户是否可以读取 object 吗? - Firebase Cloud Storage: can I test if an authenticated user can read an object based on the rules? Firestore - 如何在删除他的帐户时从他自己创建的所有文档中删除用户 ID? - Firestore - how do I remove user's ID from all the documents he's created himself when deleting his account?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM