我正在尝试对Firebase中存储备注对象进行简单测试,其中包含用户安全规则,确保可以只对作者读取和写入备注。
以下是firebase中存储的数据:
my_firebase_db
- notes
- K835Tw_H28XXb-Sj4b
- text: "note 1 from author 1",
- user_id: "11b09925-534b-4955-ac55-3e234809432f"
- K835Tw_H28XXb-Sj4b
- text: "note 1 from author 2",
- user_id: "11b09925-534b-4955-ac55-4d223893382c"
- K835Tw_H28XXb-Sj4b
- text: "note 2 from author 2",
- user_id: "11b09925-534b-4955-ac55-4d223893382c"
角度代码(AngularFire),使用自定义令牌对用户进行身份验证,加载注释和添加注释的方法:
var ref = new Firebase("https://xxx.firebaseio.com");
// Authenticate users with a custom authentication token
$firebaseAuth(ref).$authWithCustomToken(data.token).then(function(authData) {
console.log("Logged in as:", authData.uid);
$scope.user_id = authData.uid;
}).catch(function(error) {
console.error("Authentication failed:", error);
});
// Load notes
$scope.notes = $firebaseArray(ref.child('notes'));
$scope.addNote = function() {
note = {
user_id: $scope.user_id,
text: $scope.newNote.text
};
$scope.notes.$add(note);
};
安全& Firebase中的规则设置:
{
"rules": {
"notes": {
".read": "auth != null && data.child('user_id').val() === auth.uid",
".write": "auth != null && newData.child('user_id').val() === auth.uid"
}
}
}
根据这些规则,请阅读&写不允许。
如果我将规则更改为此,请阅读&允许写(但作者可以阅读每个人的笔记):
{
"rules": {
"notes": {
".read": "auth != null",
".write": "auth != null"
}
}
}
如何在firebase中编写一个安全规则,允许经过身份验证的用户阅读&写自己的笔记?