Firebase规则允许仅逐个删除子项

时间:2016-11-21 15:02:07

标签: json firebase firebase-realtime-database firebase-security

考虑用户的以下firebase数据库规则。我想知道是否有办法编写一个可以逐个删除孩子(朋友)的规则,但不能一次删除所有规则?

这里简单的删除操作不起作用,因为朋友需要空或者有孩子。但是,它可以更新为任何其他孩子,这意味着所有孩子都可以一次被覆盖。

"user":
{
    "$uid":
    {
        /* user can read all user data */
        ".read": "$uid == auth.uid",
        /* allow to add to friends but not delete */
        ".write": "$uid == auth.uid && (!data.child('friends').exists() || newData.child('friends').hasChildren())",
        /* other user data also needs to be writable */
        "name": {},
        /* only explicit user data is allowed */
        "$other": { ".validate": false },
        "friends":
        {
            "$friend_uid": { ".validate": "root.child('user').child($friend_uid).exists()" },
        },
    }
}

1 个答案:

答案 0 :(得分:0)

根据firebase策略,.write策略由子进程继承,因此解决方案是为每个子进行.write规则。

"user":
{
    "$uid":
    {
        /* user can read all user data */
        ".read": "$uid == auth.uid",
        /* no writing at this level */
        /* ".write": false, */
        /* user data is still writable */
        "name": { ".write":"$uid == auth.uid" },
        /* no longer necessary */
        /*"$other": { ".validate": false },*/
        "friends":
        {
            "$friend_uid": { ".write":"$uid == auth.uid" },
        },
    }
}