我的Firebase应用程序有以下规则集:
{
"rules": {
"EVENT_TABLE":{
"$id":{
//Explicitly allow for reading of the EVENT_TABLE item data, however specify sub-pieces to be unreadable.
".read":"auth != null",
".write":"auth != null",
"allowed_users":{
"$user_id":{
}
},
"requested_users":{
".read":"auth != null",
".write":"auth != null"
}
}
},
"EVENT_TABLE_GEO_MAP":{
".read": "auth != null",
".write": "auth != null"
},
"EVENT_CONFIDENTIALS_TABLE":{
".write": "auth != null",
"$id":{
".read": "root.child('EVENT_TABLE/'+$id+'/allowed_users/'+auth.uid).exists()"
}
}
}
}
每当用户尝试将自己添加到" requested_users"在EVENT_TABLE对象下映射,它表示"权限被拒绝"但仍然可以成功写入用户的ID。
以下是示例数据:
{
"b216d166-eff2-4947-898c-cef75e32605e" : {
"allowed_users" : {
"gEnCx9TIFNNOjExbzEtdIBwB2t62" : 1
},
"body" : "ahah",
"end" : 1490842878378,
"id" : "b216d166-eff2-4947-898c-cef75e32605e",
"latitude" : 44.783728,
"longitude" : -93.2468524,
"name" : "New Event",
"owner_id" : "gEnCx9TIFNNOjExbzEtdIBwB2t62",
"requested_users" : {
"0G4OMRWeiNScz5KnpkOaDQw9kd02" : 1
},
"start" : 1490842876140
}
}
用户请求将包含其ID的新地图写入“被请求用户”后面。字段。
此外,这是我在Android中用来调用write的函数:
public static void requestToJoinEvent(Event eventRequested, final Activity activityCalling){
user = FirebaseAuth.getInstance().getCurrentUser();
if(user!=null){
retrieveDatabaseReference(EVENT_TABLE);
eventRequested.getRequested_users().put(user.getUid(),1);
ref.child(eventRequested.getId()).child("requested_users").setValue(eventRequested.getRequested_users());
ref.addValueEventListener(new ValueEventListener() {
@Override
public void onDataChange(DataSnapshot dataSnapshot) {
operationSuccess=true;
displayRequestSentMessage(activityCalling);
}
@Override
public void onCancelled(DatabaseError databaseError) {
//This returns with a Permission Denied error.
}
});
}else{
throw new RuntimeException("User is missing!");
}
}
为什么它会抛出Permission Denied错误并仍然成功写入?