0
我正在尝试在Firebase中存储笔记对象的简单测试,并使用用户安全规则来确保笔记只能读取和写入作者。如何仅允许读/写对象通过Firebase进行身份验证的用户?
这里是存储在火力点的数据是什么样子:
my_firebase_db
- notes
- K835Tw_H28XXb-Sj4b
- text: "note 1 from author 1",
- user_id: "11b09925-534b-4955-ac55-3e234809432f"
- K835Tw_H28XXb-Sj4b
- text: "note 1 from author 2",
- user_id: "11b09925-534b-4955-ac55-4d223893382c"
- K835Tw_H28XXb-Sj4b
- text: "note 2 from author 2",
- user_id: "11b09925-534b-4955-ac55-4d223893382c"
角码(AngularFire)与自定义的标记,加载注释和方法验证用户添加注释:
var ref = new Firebase("https://xxx.firebaseio.com");
// Authenticate users with a custom authentication token
$firebaseAuth(ref).$authWithCustomToken(data.token).then(function(authData) {
console.log("Logged in as:", authData.uid);
$scope.user_id = authData.uid;
}).catch(function(error) {
console.error("Authentication failed:", error);
});
// Load notes
$scope.notes = $firebaseArray(ref.child('notes'));
$scope.addNote = function() {
note = {
user_id: $scope.user_id,
text: $scope.newNote.text
};
$scope.notes.$add(note);
};
安全&规则设置在火力地堡:
{
"rules": {
"notes": {
".read": "auth != null && data.child('user_id').val() === auth.uid",
".write": "auth != null && newData.child('user_id').val() === auth.uid"
}
}
}
在TH技术ese规则,读取&写入是不允许的。
如果我改变规则,这一点,那么阅读&写允许(但笔者可以阅读大家的注意事项):
{
"rules": {
"notes": {
".read": "auth != null",
".write": "auth != null"
}
}
}
我怎么能写在火力安全规则,将允许身份验证的用户读&写自己的笔记?