火力地堡安全写入规则

Question

因此，这里是到目前为止我的安全结构：

{ 
    "rules": 
    { 
     "users": 
     { 
      "$user": 
      { 
       ".read": true, 
       "Age": 
       { 
        ".write": "$user === auth.uid", 
        ".validate": "newData.isNumber()" 
       }, 
       "Name": 
       { 
        ".write": "$user === auth.uid", 
        ".validate": "newData.isString()" 
       }, 
       "friends": 
       { 
        "$friend": 
        { 
         "Age": 
         { 
          ".write": "$user === auth.uid || $friend === auth.uid", 
          ".validate": "newData.isString()" 
         }, 
         "Name": 
         { 
          ".write": "$user === auth.uid || $friend === auth.uid", 
          ".validate": "newData.isNumber()" 
         } 
        } 
       } 
      } 
     } 
    } 
} 

现在，当我试图写“$用户”给用户，我有以下错误：

Attempt to write Success({"42":{"Age":42,"Name":"Nick","friends":{"11":{"Age":11,"Name":"Rob"}}}}) to /users with auth=Success({"id":42,"provider":"anonymous","uid":"anonymous:42"}) 
/
/users 

No .write rule allowed the operation. 
Write was denied. 

当我设置.write规则的用户，那么所有的写操作规则将被改写。我需要指定$user的所有特征只能写成$user，但$friend可以写成$friend和$user。当我推送用户时，我会将其推送给朋友，但之后我需要朋友能够在不同的用户路径上更改他们的数据。你有什么想法？

谢谢！

Answer 1

好吧，所以我玩了一些规则，并决定把孩子的书写规则纳入验证，它的工作原理非常棒。这里是我的最终代码：

{ 
"rules": 
{ 
    "users": 
    { 
     "$user": 
     { 
      ".read": true, 
      ".write": "$user === auth.uid", 
      "Age": 
      { 
       ".validate": "newData.isNumber()" 
      }, 
      "Name": 
      { 
       ".validate": "newData.isString()" 
      }, 
      "friends": 
      { 
       "$friend": 
       { 
        "Age": 
        { 
         ".validate": "newData.isString() && ($user === auth.uid || $friend === auth.uid)" 
        }, 
        "Name": 
        { 
         ".validate": "newData.isNumber() && ($user === auth.uid || $friend === auth.uid)" 
        } 
       } 
      } 
     } 
    } 
} 
}