Firebase database rules: Unknown variable '$memberId1'

Time: 2017-03-30 06:04:46

Tags: firebase firebase-realtime-database firebase-authentication firebase-security

I have the following Firebase database:

enter image description here

I would like to add database rules so that only the appropriate users can access their messages.

When I add the following, I get an error:

enter image description here

Can anyone please advise?

Thanks

Update

findMessages(chatItem: any): Observable<any[]> { // populates the firelist
    return this.af.database.list('/message/', {
        query: {
            orderByChild: 'negativtimestamp'
        }
    }).map(items => {
        const filtered = items.filter(
            item => ((item.memberId1 === chatItem.memberId1 && item.memberId2 === chatItem.memberId2)
                || (item.memberId1 === chatItem.memberId2 && item.memberId2 === chatItem.memberId1))
        );
        return filtered;
    });
}

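2 answers:

Answer 0: (score: 4)

In the expression of a .read rule, variables that start with $ represent keys in the path.

However, the member IDs are not keys; they are data members. To use them in the expression, you can use the child and val methods of the data snapshot. Like this: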

{
  "rules": {
    "message": {
      "$key": {
        ".read": "data.child('memberId1').val() === auth.uid || data.child('memberId2').val() === auth.uid"
      }
    }
  }
}
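
A toy model of the rule matching described in this answer, added here as an illustration and not part of the original answer or of Firebase itself: `$key` binds to the message key in the path, while `memberId1` and `memberId2` are read from the stored data. The sample data, the user ids and the `canRead` helper are constructed for the example.

```javascript
// Added illustration, not the Firebase rules engine: rule expressions are
// plain JS functions here instead of rule strings.
const rules = {
  message: {
    $key: {
      // Rule from the answer above. The auth !== null guard is an addition
      // so the JS function does not throw for unauthenticated requests.
      ".read": (auth, data) =>
        auth !== null &&
        (data.memberId1 === auth.uid || data.memberId2 === auth.uid),
    },
  },
};

// Constructed sample data: message keys are ids, member ids are fields.
const db = {
  message: {
    "-Kg1": { memberId1: "alice", memberId2: "bob", text: "hi" },
    "-Kg2": { memberId1: "carol", memberId2: "dave", text: "yo" },
  },
};

// Walk the path from the root. A $wildcard binds to the path segment (a key),
// never to a field of the stored data. Access is granted as soon as a ".read"
// on the way down is true; if none is, the read is denied.
function canRead(path, auth) {
  const segments = path.split("/").filter(Boolean);
  const vars = {};
  let rule = rules;
  let data = db;
  for (let i = 0; i <= segments.length; i++) {
    const read = rule[".read"];
    if (typeof read === "function" && read(auth, data || {}, vars)) return true;
    if (i === segments.length) break;
    const seg = segments[i];
    const wildcard = Object.keys(rule).find((k) => k.startsWith("$"));
    if (Object.keys(rule).includes(seg)) {
      rule = rule[seg];
    } else if (wildcard) {
      vars[wildcard] = seg; // e.g. vars.$key = "-Kg1"
      rule = rule[wildcard];
    } else {
      return false; // no rule covers this path: default deny
    }
    data = data ? data[seg] : undefined;
  }
  return false;
}
```

With this rule a read of a single message succeeds for its two members, while a read of the whole `/message` list (as `findMessages` in the question issues) is denied, because no `.read` is granted at `/message` itself.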

Answer 1: (score: 0)

You should have a variable that defines the members and then reference the variable.

This is a chat example from the Firebase security docs.

{
  "rules": {
    "room_names": {
      // any logged in user can get a list of room names
      ".read": "auth !== null",
      "$room_id": {
        // this is just for documenting the structure of rooms, since
        // they are read-only and no write rule allows this to be set
        ".validate": "newData.isString()"
      }
    },

    "members": {
      // I can join or leave any room (otherwise it would be a boring demo)
      // I can have a different name in each room just for fun
      "$room_id": {
        // any member can read the list of member names
        ".read": "data.child(auth.uid).exists()",

        // room must already exist to add a member
        ".validate": "root.child('room_names/'+$room_id).exists()",

        "$user_id": {
          ".write": "auth.uid === $user_id",
          ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length < 20"
        }
      }
    },

    "messages": {
      "$room_id": {
        // the list of messages for a room can be read by any member
        ".read": "root.child('members/'+$room_id+'/'+auth.uid).exists()",

        // room we want to write a message to must be valid
        ".validate": "root.child('room_names/'+$room_id).exists()",

        "$message_id": {
          // a new message can be created if it does not exist, but it
          // cannot be modified or deleted
          // any member of a room can write a new message
          ".write": "root.child('members/'+$room_id+'/'+auth.uid).exists() && !data.exists() && newData.exists()",

          // the room attribute must be a valid key in room_names/ (the room must exist)
          // the object to write must have a name, message, and timestamp
          ".validate": "newData.hasChildren(['user', 'message', 'timestamp'])",

          // the message must be written by logged in user
          "user": {
            ".validate": "newData.val() === auth.uid"
          },

          // the message must be longer than 0 chars and less than 50
          "message": { ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length < 50" },

          // messages cannot be added in the past or the future
          // clients should use firebase.database.ServerValue.TIMESTAMP
          // to ensure accurate timestamps
          "timestamp": { ".validate": "newData.val() <= now" },

          // no other fields can be included in a message
          "$other": { ".validate": false }
        }
      }
    }
  }
}