这是我的示例数据库:
{
"rules": {
"users":{
"$user_id":{
".read": "$user_id == auth.uid && auth != null", // only owner or authenticated user can read
".write": false // No-one can write
}
},
"withdraw_details":{
"$user_id":{
".read": "$user_id == auth.uid && auth != null",// only owner or authenticated user can read
".write": false // No-one can write
}
},
"referrals": {
"$user_id": {
".read": "$user_id == auth.uid && auth != null", // same as above
".write": "$user_id == auth.uid && auth != null", // owner and authenticated can write
"$date": {
// children should be only these
".validate": "newData.hasChildren(['name', 'number', 'city', 'remarks'])",
// you can see further validation rules below
"name": {".validate": "newData.isString() && newData.val().length <= 30"},
"number": {".validate": "newData.isNumber() && newData.val().length == 11"},
"city": {".validate": "newData.isString() && newData.val().length <= 20"},
"remarks": {".validate": "newData.isString() && newData.val().length <= 15"},
// any other child should be rejected
"$other": {".validate": false}
}
}
}
}
这是我尝试在控制台中设置的数据库规则:
private void getDetails() {
databaseReference.child("users").addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(@NonNull DataSnapshot snapshot) {
if (snapshot.hasChild(mAuth.getCurrentUser().getUid())) {
AccountDetails accountDetails = snapshot
.child(mAuth.getCurrentUser().getUid())
.getValue(AccountDetails.class);
setValuesToTextViews(
accountDetails.getTotal_balance(),
accountDetails.getTotal_withdraw(),
accountDetails.getCurrent_balance(),
accountDetails.getAccount_status(),
accountDetails.getPaid_referrals(),
accountDetails.getTotal_referrals()
);
}
}
}
@Override
public void onCancelled(@NonNull DatabaseError error) {
Log.w(TAG, "onCancelled: " + error.toException());
Toast.makeText(getActivity(), error.getMessage(), Toast.LENGTH_SHORT).show();
}
});
}
现在,我不知道我在做什么错,因为每次尝试读取任何孩子时,它都会引发“权限被拒绝” 错误。
就像下面的用户详细信息请求一样
>>> arr2 = [[0, 0, 0, -0.9, 0.3], [0, 0, 1, 0.9, 0.6], [0, 1, 0, -0.2, 0.6], [0, 1, 1, 0.8, 0.3], [1, 0, 1, 0.2, 1.0], [1, 1, 0, -0.8, 1.0]]
>>> narr2 = np.array(arr2)
>>> narr2
array([[ 0. , 0. , 0. , -0.9, 0.3],
[ 0. , 0. , 1. , 0.9, 0.6],
[ 0. , 1. , 0. , -0.2, 0.6],
[ 0. , 1. , 1. , 0.8, 0.3],
[ 1. , 0. , 1. , 0.2, 1. ],
[ 1. , 1. , 0. , -0.8, 1. ]])
此外,在进一步澄清后,我希望/ users / uid / && / withdraw_details / uid /仅由其所有者读取,并且auth不应为null。并禁止对这些位置的写访问。
/ referrals / uid /位置应具有对其所有者的读写访问权限,并具有某些条件和验证,如您在上面的数据库规则中所见。
答案 0 :(得分:0)
安全规则本身不会过滤数据。相反,它们只是强制要求您对数据库执行的任何操作都是允许的。
因此,在您的代码中,您将侦听器附加到/users:
databaseReference.child("users").addListenerForSingleValueEvent(new ValueEventListener() {
执行此操作时,规则引擎将检查该用户是否对/users具有读取权限。并且由于没有人对/users具有读取权限,因此它拒绝了该操作。
您要做的是读取特定用户的节点:
databaseReference.child("users").child(mAuth.getCurrentUser().getUid()).addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(@NonNull DataSnapshot snapshot) {
AccountDetails accountDetails = snapshot.getValue(AccountDetails.class);
setValuesToTextViews(
accountDetails.getTotal_balance(),
accountDetails.getTotal_withdraw(),
accountDetails.getCurrent_balance(),
accountDetails.getAccount_status(),
accountDetails.getPaid_referrals(),
accountDetails.getTotal_referrals()
);
}
...
有关详细信息,请参阅rules are not filters上的Firebase文档,有关主题的这些search results,例如:Restricting child/field access with security rules