Firebase实时数据库规则:从子级访问父级变量

huangapple go评论57阅读模式
英文:

Firebase Realtime Database Rule Access parent variable from child

问题

如何访问变量 $cliente
auth.token.place == $cliente 比较失败。

auth.token.place 是可以的,我与一个常量进行比较 (auth.token.place == 23),它可以工作。但 $cliente 与相同的常量比较失败 ($cliente == 23)。

我有以下规则:

{
  /* 请访问 https://firebase.google.com/docs/database/security 了解更多关于安全规则的信息。 */
  "rules": {
    "clientes": {      
      "$cliente": {
        "tvs": {
          ".read": true,
          ".write": false,
        },    
        "chats": 
        {
          ".read": true,
          ".write": "auth !== null && auth.token.place == $cliente"
        }
      }
    }
  }    
}
firebase.database().ref('clientes/' + id + '/chats/' + dest).set({
  from: MY_ID,
  to: msg_to,
  message: " ",
  date: Date.now()
});

结构示例:

clientes
    2
      tvs
        ...
      chats      
        128_239
         { from: "239"
           message: "fngdkfngd dkfjfds"
           to: 128,
           date: 543657654654
         }

我只想让属于相同 $cliente 的用户访问。

我得到了“权限被拒绝”的错误。

英文:

How can I access variable $cliente?
The auth.token.place == $cliente comparison fails.

auth.token.place is fine I compare with a constant (auth.token.place == 23) and it works. But $cliente compared with the same constant fails ($cliente == 23).

I have this rule below:

{
  /* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
  "rules": {
    "clientes" : {      
      "$cliente" : {
        "tvs" : {
          ".read": true,
          ".write": false,
        },    
        "chats" : 
        {
          ".read": true,
          ".write": "auth !== null && auth.token.place == $cliente"
        }
      }
    }
  }    
}
firebase.database().ref('clientes/'+id+'/chats/'+dest).set({
  from: MY_ID,
  to: msg_to,
  message : " ",
  date: Date.now()
});

Structure example:

clientes
    2
      tvs
        ...
      chats      
        128_239
         { from: "239"
           message:"fngdkfngd dkfjfds"
           to:128,
           date: 543657654654
         }

I just want to give access to users that belongs from the same $cliente.

I am getting PERMISSION DENIED.

答案1

得分: 1

I got it.

Actually auth.token.place is a number not a String and @cliente is a String.

So I need to convert to compare. That is how I did.

{
  /* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
  "rules": {
    "clientes": {      
      "$cliente": {
        "tvs": {
          ".read": true,
          ".write": false
        },    
        "chats": {
          ".read": true,
          ".write": "auth !== null && ('' + auth.token.place) == $cliente"
        }
      }
    }
  }    
}
英文:

I got it.

Actually auth.token.place is a number not a String and @cliente is a String.

So I need to convert to compare. That is how I did.


{
  /* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
  "rules": {
    "clientes" : {      
      "$cliente" : {
        "tvs" : {
          ".read": true,
          ".write": false,
        },    
        "chats" : 
        {
          ".read": true,
          ".write": "auth !== null && (''+auth.token.place) == $cliente"
        }
      }
    }
  }    
}

huangapple
  • 本文由 发表于 2023年3月15日 21:14:51
  • 转载请务必保留本文链接:https://go.coder-hub.com/75745234.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定