我目前正在努力定义数据库安全规则。 在创建用户配置文件期间,我使用以下格式为数据库创建更新对象:
firebase.auth().onAuthStateChanged(firebaseUser => {
const currentkey= firebaseUser.uid;
var userCreateObject = {};
userCreateObject['users/' + currentkey + '/username'] = username;
userCreateObject['users/' + currentkey + '/email'] = email;
userCreateObject['users/' + currentkey + '/birthdate'] = birthdate;
userCreateObject['usernames/' + username] = currentkey;
userCreateObject['followed/' + currentkey + '/MAINITEM/item'] = item;
userCreateObject['filters/' + currentkey + '/MAINITEM/item'] = item;
//Start account for the user
firebase.database().ref().update(userCreateObject).then(function() {...})
...
});
但是,以下安全规则会导致操作失败:
{
"rules": {
"filters": {
"$uid": {
".read": "auth.uid == $uid",
".write": "auth.uid == $uid"
}
},
"followed": {
"$uid": {
".read": "auth.uid == $uid",
".write": "auth.uid == $uid"
}
},
"usernames": {
".read": "true",
".write": "auth.uid != null && (!data.exists())"
},
"users": {
"$uid": {
".read": "auth.uid == $uid",
".write": "auth.uid == $uid"
}
}
}
}
即使仅测试更新的“用户”部分,也会拒绝该权限。 那么我的猜测是,定义规则的正确方法是什么,以便它们接受指定元素的创建,即使它之前不存在,稍后,接受用户再次以表格形式进行修改更新?
此外,是否有一种特定的方法来测试这种规则?在第一次定义它们时,我以以下形式进行了模拟:
/用户/ someuidImadeup
{
"username": "username",
"email": "email",
"birthdate": "birthdate"
}
哪种方法正常。和
/用户
{ "someuidImadeup":
{
"username": "username",
"email": "email",
"birthdate": "birthdate"
}
}
失败了。所以我假设更新是以这种形式处理的。