Firebase规则使用root

时间:2017-12-12 00:43:49

标签: firebase firebase-realtime-database firebase-security

数据库:

"user_locations": { 
   "123": {
     "user_id": "kcf3566"
   }

}

规则:

"user_locations": { 
   "$loc_id": {
     ".read": "auth.uid == root.child('user_locations/$loc_id/user_id').val()",
     ".write": "auth != null"
   }

}

根据上面的代码,我试图只允许在路径user_locations>上使用匹配uid的用户; $ key> uid能够读取数据。我尝试了上述规则,但是,我无法访问数据。

触发问题的代码:

$scope.get_user_locations = function () {

    firebase.auth().onAuthStateChanged(function (user) {
        if (user) {

            var returned_locations = firebase.database().ref('user_locations/');
            returned_locations.on('value', function (snapshot) {
                $scope.user_locations = snapshot.val();
            });


        } else {
            $state.go('login');
        }
    });

};

1 个答案:

答案 0 :(得分:0)

安全规则不对路径字符串中的变量执行字符串插值。将您的规则更改为:

"rules": {
  "user_locations": { 
     "$loc_id": {
       ".read": "auth.uid == root.child('user_locations').child($loc_id).child('user_id').val()",
       ".write": "auth != null"
     }
   }