Firebase安全规则自定义字段

时间:2015-06-15 09:24:00

标签: javascript angularjs firebase angularfire firebase-security

我的Firebase安全规则如下所示:

"users": {
      "$uid": {
        // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid",

        // grants read access to any user who is logged in with an email and password
        ".read": "auth !== null && auth.provider === 'password'"
      }
    },

此外,我有一个自定义userId,我存储在users/$uid中。举个例子,我的users/$uid看起来如下:

users
   /$uid
       /email: foo@bar.com
       /userId: "foobargayid123456"

我在其他节点中使用此userId,例如节点profile_pictures来设置依赖项:

profile_pictures
   /userId
       /thumbnail: "datablabla"

问题

如何在firebase中为节点profile_pictures设置安全规则,以便只有ID为users/$uid/userId的用户才能.write节点profile_pictures/userId

1 个答案:

答案 0 :(得分:2)

我认为这就是你要找的东西。

{ 
  "rules": {
    "profile_pictures": {
      "$userId": {
        ".write": "
          root.child('users').child(auth.uid).child('userId').val == $userId"
      }
    }
  }
}
相关问题
最新问题