Simple enough question:
How do I restrict paths, such as...
/orders/<userid>
/cart/<userid>
/transactions/<userid>/txid
...only to users whose userid
matches the one in the path?
I have authentication set up and I need to subscribe to some of these in Vue after firebase.auth().onAuthStateChanged
It appears, as per the docs here, that in the following rule example, the user token must match the key exactly:
{
"rules": {
"users": {
"$user_id": {
// grants write access to the owner of this user account
// whose uid must exactly match the key ($user_id)
".write": "$user_id === auth.uid"
}
}
}
}
Does this mean that, /orders/123456/order123478
will be restricted and only available to user 123456
?
For the realtime database, update your rules to something like this:
{
"rules": {
"orders": {
"$uid": {
".read": "auth.uid == $uid",
".write": "auth.uid == $uid"
}
}
}
}
The $uid
key represents any key nested at that level and allows you to reference it in your rules. The auth
variable is provided by Firebase and contains details about the authenticated user who issued the request, so you can compare the requesting user's uid
with the database's uid
key and grant permissions if they match (the nested ".read"
and ".write"
values).
So for a user who's uid
is user1
, they would have access to the following data:
{
"orders": {
"user1": {
"order1": read/write,
"order2": read/write
},
"user2": {
"order1": no access,
"order2": no access
},
"user3": {
"order1": no access,
"order2": no access
},
}
Read the documentation and play around with the simulator found in the Rules section of the Firebase dashboard.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.