[英]Firebase rules in which a user can edit data of another user if he clicked on his profile
I have developed an app using firebase realtime database.我使用 firebase 实时数据库开发了一个应用程序。 In the app, if eg user 1 clicks on the profile of user 2 then the data of user 2 would be changed.
在应用程序中,如果例如用户 1 单击用户 2 的个人资料,则用户 2 的数据将被更改。 User 1 can only change the data of other users if he clicks on their profiles.
用户 1 只有单击其他用户的个人资料才能更改其他用户的数据。 I have written some rules to secure my database but these rules won't allow user 1 to change the data of other users if he clicks on their profile.
我已经编写了一些规则来保护我的数据库,但这些规则不允许用户 1 在单击其他用户的个人资料时更改其他用户的数据。 You help will be highly appreciated.
您的帮助将不胜感激。 Thank You Below is my code: Firebase Rules
谢谢 下面是我的代码: Firebase 规则
Database Structure
数据库结构
Java Code which will change user data if his profile is clicked Java 如果点击他的个人资料将更改用户数据的代码
holder.itemView.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
dRef.child(modelClass.get(position).userID).child("showGigCount").setValue(modelClass.get(position).getShowGigCount()-1); // this will decrease showGigCount for clicked users
dRef.child(modelClass.get(position).getUserID()).child("clicksOnProfile").setValue(modelClass.get(position).getClicksOnProfile()+1); // this will increase clicksOnProfile for clicked users
dRef.child(modelClass.get(position).getUserID()).child("lifeTimeClicksOnProfile").setValue(modelClass.get(position).getLifeTimeClicksOnProfile()+1); // this will increase clicksOnProfile for clicked users
It sounds like you want to allow certain properties to be modified by all users, which you can do with:听起来您想允许所有用户修改某些属性,您可以这样做:
...
"$user_id": {
".write": "auth != null && $user_id === auth.uid",
"showGigCount": {
".write": "auth != null"
},
"clicksOnProfile": {
".write": "auth != null"
},
"lifeTimeClicksOnProfile": {
".write": "auth != null"
},
}
...
The added rules give permission to write the lower level properties, while your original write rules on $user_id
still rejects writing other properties of the user.添加的规则允许写入较低级别的属性,而您在
$user_id
上的原始写入规则仍然拒绝写入用户的其他属性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.