Firebase security write rules based on the sub-node in which the user exists

Time: 2015-06-05 15:04:06

Tags: firebase-security

So far, this is my security structure:

{
    "rules":
    {
        "users":
        {
            "$user":
            {
                ".read": true,
                "Age":
                {
                    ".write": "$user === auth.uid",
                    ".validate": "newData.isNumber()"
                },
                "Name":
                {
                    ".write": "$user === auth.uid",
                    ".validate": "newData.isString()"
                },
                "friends":
                {
                    "$friend":
                    {
                        "Age":
                        {
                            ".write": "$user === auth.uid || $friend === auth.uid",
                            ".validate": "newData.isString()"
                        },
                        "Name":
                        {
                            ".write": "$user === auth.uid || $friend === auth.uid",
                            ".validate": "newData.isNumber()"
                        }
                    } 
                }
            }
        }
    }
}

Now, when I try to write to '$user' for a user, I get the following error:

Attempt to write Success({"42":{"Age":42,"Name":"Nick","friends":{"11":{"Age":11,"Name":"Rob"}}}}) to /users with auth=Success({"id":42,"provider":"anonymous","uid":"anonymous:42"})
/
/users

No .write rule allowed the operation.
Write was denied.

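When I set a .write rule on the user, it overrides all the write rules. I need to specify that all of $user's properties can only be written by $user, but $friend can be written by $friend and $user. When I push users, I push them together with their friends, but afterwards I will need the friends to be able to change their data under different users' paths. Do you have any ideas?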

1 Answer:

Answer 0: (score: 1)

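OK, so I played with the rules a bit and decided to move the children's write rules into validation, and it works really well. Here is my final code: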

{
    "rules":
    {
        "users":
        {
            "$user":
            {
                ".read": true,
                ".write": "$user === auth.uid",
                "Age":
                {
                    ".validate": "newData.isNumber()"
                },
                "Name":
                {
                    ".validate": "newData.isString()"
                },
                "friends":
                {
                    "$friend":
                    {
                        "Age":
                        {
                            ".validate": "newData.isString() && ($user === auth.uid || $friend === auth.uid)"
                        },
                        "Name":
                        {
                            ".validate": "newData.isNumber() && ($user === auth.uid || $friend === auth.uid)"
                        }
                    }
                }
            }
        }
    }
}
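
An added example, not part of the original question or answer: a simplified JavaScript model of how the Realtime Database authorizes a write, run against both rule layouts above. It shows that a ".write" grant cascades down from the ancestor where it is true, while ".validate" can only reject, so in the second layout the `$friend === auth.uid` clause never lets a friend write. The uids "42" and "11" and the helper names are constructed for the example, and the isNumber/isString checks are left out of the model.

```javascript
// Added example: simplified model of Realtime Database write authorization.
// A write is authorized when any ".write" rule on the path from the root to the
// written location is true; ".validate" at that location can only reject.
const ownerOnly = (v, auth) => v.$user === auth.uid;
const ownerOrFriend = (v, auth) => v.$user === auth.uid || v.$friend === auth.uid;

// Question's layout: ".write" only on the leaves.
const questionRules = { users: { $user: {
  Age: { ".write": ownerOnly }, Name: { ".write": ownerOnly },
  friends: { $friend: {
    Age: { ".write": ownerOrFriend }, Name: { ".write": ownerOrFriend } } } } } };

// Answer's layout: ".write" on $user, friend check moved into ".validate".
const answerRules = { users: { $user: { ".write": ownerOnly, Age: {}, Name: {},
  friends: { $friend: {
    Age: { ".validate": ownerOrFriend }, Name: { ".validate": ownerOrFriend } } } } } };

function canWrite(rules, path, auth) {
  let node = rules, granted = false;
  const vars = {}; // captured $wildcard values, e.g. { $user: "42" }
  for (const seg of path.split("/").filter(Boolean)) {
    const wild = Object.keys(node).find((k) => k.startsWith("$"));
    if (Object.prototype.hasOwnProperty.call(node, seg)) node = node[seg];
    else if (wild) { vars[wild] = seg; node = node[wild]; }
    else node = {}; // no rules below this point; an earlier grant still applies
    const write = node[".write"];
    if (typeof write === "function" && write(vars, auth)) granted = true;
  }
  const validate = node[".validate"];
  return granted && (typeof validate === "function" ? validate(vars, auth) : true);
}

// Constructed identities: uid "42" owns /users/42, uid "11" is listed as a friend.
const owner = { uid: "42" }, friend = { uid: "11" };
const friendAge = "/users/42/friends/11/Age";

function results() {
  return {
    questionBulkWrite: canWrite(questionRules, "/users", owner),   // denied, as in the log
    questionFriendLeaf: canWrite(questionRules, friendAge, friend), // allowed by leaf rule
    answerOwnerNode: canWrite(answerRules, "/users/42", owner),     // allowed at $user
    answerOwnerLeaf: canWrite(answerRules, friendAge, owner),       // grant cascades down
    answerFriendLeaf: canWrite(answerRules, friendAge, friend),     // no ".write" is true
  };
}
console.log(results());
```

For a friend to edit their own entry under the second layout, a ".write" rule would still be needed at or above `friends/$friend`; the ".validate" expression alone does not grant it.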