0
因此,这里是到目前为止我的安全结构:火力地堡安全写入规则
{
"rules":
{
"users":
{
"$user":
{
".read": true,
"Age":
{
".write": "$user === auth.uid",
".validate": "newData.isNumber()"
},
"Name":
{
".write": "$user === auth.uid",
".validate": "newData.isString()"
},
"friends":
{
"$friend":
{
"Age":
{
".write": "$user === auth.uid || $friend === auth.uid",
".validate": "newData.isString()"
},
"Name":
{
".write": "$user === auth.uid || $friend === auth.uid",
".validate": "newData.isNumber()"
}
}
}
}
}
}
}
现在,当我试图写“$用户”给用户,我有以下错误:
Attempt to write Success({"42":{"Age":42,"Name":"Nick","friends":{"11":{"Age":11,"Name":"Rob"}}}}) to /users with auth=Success({"id":42,"provider":"anonymous","uid":"anonymous:42"})
/
/users
No .write rule allowed the operation.
Write was denied.
当我设置.write
规则的用户,那么所有的写操作规则将被改写。我需要指定$user
的所有特征只能写成$user
,但$friend
可以写成$friend
和$user
。当我推送用户时,我会将其推送给朋友,但之后我需要朋友能够在不同的用户路径上更改他们的数据。你有什么想法?
谢谢!