如何在保持此结构的同时将读/写规则约束到创建节点的用户?

时间:2018-04-05 19:01:07

标签: javascript firebase firebase-realtime-database vuejs2 authorization

目标是用户可以写入建筑物 depts 节点,但只能写入他们创建的节点。 I.E:如果用户在建筑物中创建节点 A ,则只有他可以读取/写入节点 A

这对数据库结构至关重要:

{
  "buildings" : {
    "-L9HIbKu5fIe8rfoePgi" : {
      "address" : "",
      "hasDepts" : {
        "-L9HIdScisDItysCnMlm" : true
      },
      "name" : "building 1",
      "ownerID" : "6hwNde08Wuaa9bfReR28niSbOsF3"
    }
  },
  "depts" : {
    "-L9HIdScisDItysCnMlm" : {
      "inBuilding" : "-L9HIbKu5fIe8rfoePgi",
      "name" : "dep 1",
      "ownerID" : "6hwNde08Wuaa9bfReR28niSbOsF3"
    }
  },
  "users" : {
    "6hwNde08Wuaa9bfReR28niSbOsF3" : {
      "isAdmin" : {
        "-L9HIbKu5fIe8rfoePgi" : true
      },
      "name" : "João Alves Marrucho",
      "userEmail" : "joaomarrucho@hotmail.com"
    }
  }
}

我认为这个规则可行,但他们不会:

"users": {
  "$uid": {
    ".read": "$uid === auth.uid",
    ".write": "$uid === auth.uid"
  },
}, 
"buildings": {
  "$id": {
    ".read": "data.child('ownerID').val() == auth.uid" , 
    ".write": "data.child('ownerID').val() == auth.uid"  
  }
},
"depts": {
  "$id": {
    ".read": "data.child('ownerID').val() == auth.uid" , 
    ".write": "data.child('ownerID').val() == auth.uid"  
  }
},

用于写入数据的组件代码:

addBuilding: function () {
  let userId = firebase.auth().currentUser.uid;
  let buildingKey = buildingsRef.push().key
  this.newBuilding.ownerID = userId;
  buildingsRef.child(buildingKey).set(this.newBuilding);
  usersRef.child(userId).child('isAdmin').child(buildingKey).set(true);
}

addDept: function (building) {  
  let userId = firebase.auth().currentUser.uid;
  let ownerID = userId; 
  let deptKey = deptsRef.push().key
  let deptName = this.newDept.name;
  this.newDept.inBuilding = building.pushKey; // grabbing the pushKey from a function in the Created hook
  this.newDept.ownerID = userId;
  deptsRef.child(deptKey).set(this.newDept);
  let buildingHasDepts = buildingsRef.child(building.pushKey).child("hasDepts"); // declare the right building node
  buildingHasDepts.child(deptKey).set(true);
}

用于读取数据的组件代码用户:

 <tr v-for="(building, index) in buildings">
    <td>
        <input v-bind:title="building.name" type="text" class="inputTablePlaceholder" ref="inputTablePlaceholder" v-on:keyup="showCancelSave($event)" v-bind:placeholder='building.name'>
        <div class="inputTableButtons">
          <button class="tableButton" style="margin-right: 7px"  @click="keepCurrentBuildingName($event, building), hideCancelSave($event, building)">Cancel</button>
          <button class="tableButton" style="margin-right: 7px" @click="saveBuildingName($event, building), hideCancelSave($event)">Save</button>
        </div>
      </td>
      <td>
        <template v-for="dept in depts" >
         <ul class="tableUl" v-if="dept.inBuilding == building['.key']" >
          <router-link  :to="`/rooms/${dept['.key']}.${dept.name}`">
            <li class="tableLi">{{dept.name}}</li>
          </router-link>
        </ul>
       </template>
     </td>
</tr>

关于如何使这项工作的任何想法?

0 个答案:

没有答案