尝试写入数据库时​​,Firebase安全规则返回权限被拒绝

时间:2016-09-01 16:14:50

标签: firebase firebase-realtime-database firebase-security

我正在创建一个为团队创建流程的应用程序。这些进程的成员是管理员,可以写入,然后只是可以阅读它们的常规用户。当用户第一次创建流程时,默认情况下会将其设为管理员。但是,每当我尝试创建一个流程时,我都会被拒绝并且#34;来自Firebase,我无法做到。我的阅读规则基本相同(只需用' admins'路径取代'用户'路径),我就能很好地阅读这些流程。只是无法制作它们。任何想法为什么会这样。

以下是流程的安全规则:

        var cols = [];
        for (var k in data) {
            cols.push([k].concat(data[k]));
        }
        ts.load({
            columns: cols
        });

以下是流程的数据结构:

"processes": {
        "$processID": {
          ".read": "auth.uid != null && data.child('users/' + auth.uid).val() === true",
          ".write": "auth.uid != null && newData.child('admins/' + auth.uid).val() === true"
        }
      }

以下是我创建流程的功能:

processes
 -KQ_j5Yt75GktE5pBRFS
   admins
      HESy7LE7JbeNyHKaGeyWRhNIuE83: true
   createdOn: "2016-09-01T04:00:00.000Z"
   description: "This is an example process"
   name: "Example Personal Process"
   tasks
   team: "-KQ_iwUmXsx0zasoPxT9"
   users
      HESy7LE7JbeNyHKaGeyWRhNIuE83: true

以下是我的用户模型的一部分。

actions: {
        createProcess(processName, processDescription) {
        var teamId = this.controllerFor('processes/new').get('teamId');
        var self = this;
        console.log("team: "+teamId);
        let currentUser = this.get('user').get('currentUser');
        let team = this.get('store').peekRecord('team', teamId);
        let user = this.get('store').peekRecord('user', currentUser.id);
        console.log("user "+currentUser.id)
        let process = this.get('store').createRecord('process', {
            team: team,
            user: user,
            admin: user,
            name: processName,
            description: processDescription
        });
        user.get('processes').pushObject(process);
        user.get('processesLead').pushObject(process);
        team.get('processes').pushObject(process);
        console.log("about to save process");
        process.save().then(function () {
        console.log(process.admin.id);
        user.save();
        console.log("user saved");
        team.save();
        console.log("team saved");
    }).then(() => this.transitionTo('team', teamId));
       }

以下是我的流程模型的一部分:

processes: DS.hasMany('process'),
  tasks: DS.hasMany('task'),
  processesLead: DS.hasMany('process', { inverse: 'admins' }),
  teamsLead: DS.hasMany('team', { inverse: 'admins' }),
  tasksLead: DS.hasMany('task', { inverse: 'admins' }),
  processMember: DS.hasMany('process', { inverse: 'members' }),
  teamMember: DS.hasMany('team', { inverse: 'members' }),
  taskMember: DS.hasMany('task', { inverse: 'members' })

1 个答案:

答案 0 :(得分:-1)

您必须将data.child('users/' + auth.uid)分成2个不同的.child()语句。所以像这样:data.child('users').child(auth.uid)

相关问题
最新问题