Security rules dont cascade like the docs said
Question
The security rules dont cascade, like the docs says.
This picture demonstrates the result of an authorized read request to path /foo/baz/bar/ done with the simulator.
The Firebase Docs says this (code example is relevant to the docs):
{
"rules": {
"foo": {
".read": true,
".write": false
}
}
}
.read and.write rules cascade, so this ruleset grants read access to any data at path /foo/ as well as any deeper paths such as /foo/bar/baz. Note that.read and.write rules shallower in the database override deeper rules, so read access to /foo/bar/baz would still be granted in this example even if a rule at the path /foo/bar/baz evaluated to false.
Why do i get the opposite effect?
1 answers
solution1
2 ACCPTED 2021-01-29 21:55:49
Allowing access cascades, denying access does not. If denying access had the same cascading effect, rules would become verbose since you would have to explicitly exclude every part of the database you don't want affected even when denying.
Think of rules as a big or statement -- it goes through each matching rule one by one until it finds a true :
rule1 || rule2 || rule3 || rule4 ...
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.