从Firebase拒绝已认证用户的读取

时间:2018-12-12 02:51:32

标签: firebase firebase-realtime-database firebase-security-rules

大家好,我是新手,在模拟安全规则时一直遇到问题。看来,即使使用经过身份验证的uid,我也无法访问读取“ Flashcards”(第4行:拒绝读取);都不使用管理员uid,请在“抽认卡”上写(第5行)。对可能发生的事情有任何了解吗?

谢谢!

这些是我的规则:

{
   "rules": {
     "Flashcards": {
        ".read": "root.child('users').hasChild('auth.uid')",
        ".write": "root.child('admins').hasChild('auth.uid')"
         },
     "users": {
      "$uid": {
          ".read": "$uid === auth.uid",
          ".write": "$uid === auth.uid"
              } 
      }
}
}

这是我的数据库的示例:

{
  "Flashcards": {
    "Deck A": {
      "1": [
        {
            "Question": "Question A",
            "Answer": "Answer A"
        },
        {
            "Question": "Question B",
            "Answer": "Answer B"
        },
        {
            "Question": "Question C",
            "Answer": "Answer C"
        }
        ],
        "2": [
            {
                "Question": "Question A",
                "Answer": "Answer A"
            },
            {
                "Question": "Question B",
                "Answer": "Answer B"
            },
            {
                "Question": "Question C",
                "Answer": "Answer C"
            }
            ]
    }
    },
  "admins": {
    "uid": {
        "name" : "John"
        }
  },
  "users": {
    "uid" : {
        "Actividad" : "Otro"
      },
      "uid" : {
        "Actividad" : "Otro"
      }
    }
}

1 个答案:

答案 0 :(得分:2)

正在发生的情况是您将'auth.uid'用作字符串,而不是用作预定义变量。 因此,读取规则应如下所示(不带单引号):

    ".read": "root.child('users').hasChild(auth.uid)"