Below is my sample database:
{
  "referrals" : {
    "Nr7sS4xV1fO59wjCqbEabLlK8RF3" : {
      "16-10-2020" : {
        "-MJhjQddWdWDImj98Sov" : {
          "city" : "hyhy",
          "name" : "mmmm",
          "number" : "03058852844",
          "remarks" : "pg"
        },
        "-MJhmeRiqeXskncHJF61" : {
          "city" : "vsva",
          "name" : "yhyh",
          "number" : "02089453882",
          "remarks" : "pg"
        }
      },
      "total_referrals" : 2
    },
    "jpeoZQAPdZY4yEt8yGifGZi4U4r1" : {
      "16-10-2020" : {
        "-MJlzrS8xX8MGN1ar9uw" : {
          "city" : "lahore",
          "name" : "khursand",
          "number" : "03014181394",
          "remarks" : "paid"
        },
        "-MJm-LFhEEMBzBPRftlC" : {
          "city" : "lahore",
          "name" : "khursand",
          "number" : "03014141111",
          "remarks" : "pg"
        }
      },
      "total_referrals" : 2
    }
  },
  "users" : {
    "Nr7sS4xV1fO59wjCqbEabLlK8RF3" : {
      "account_status" : "Level 1",
      "current_balance" : "0",
      "isBan" : false,
      "paid_referrals" : "0",
      "total_balance" : "0",
      "total_withdraw" : "0"
    },
    "jpeoZQAPdZY4yEt8yGifGZi4U4r1" : {
      "account_status" : "Level 1",
      "current_balance" : "0",
      "paid_referrals" : "0",
      "total_balance" : "0",
      "total_withdraw" : "0"
    }
  },
  "withdraw_details" : {
    "Nr7sS4xV1fO59wjCqbEabLlK8RF3" : {
      "-MJMgVd3TuWYjdGSd-FY" : {
        "amount" : "600",
        "date" : "11/10/2020",
        "method" : "Easypaisa",
        "number" : "03058853833",
        "tid" : "90124678573"
      }
    },
    "jpeoZQAPdZY4yEt8yGifGZi4U4r1" : {
      "-MJm7SfTwWafae85ayRq" : {
        "amount" : "600",
        "date" : "11/10/2020",
        "method" : "Easypaisa",
        "number" : "03494628929",
        "tid" : "90124678573"
      }
    }
  }
}
Below are the database rules I tried to set in the console:
{
  "rules": {
    "users": {
      "$user_id": {
        ".read": "$user_id == auth.uid && auth != null", // only owner or authenticated user can read
        ".write": false // No-one can write
      }
    },
    "withdraw_details": {
      "$user_id": {
        ".read": "$user_id == auth.uid && auth != null", // only owner or authenticated user can read
        ".write": false // No-one can write
      }
    },
    "referrals": {
      "$user_id": {
        ".read": "$user_id == auth.uid && auth != null", // same as above
        ".write": "$user_id == auth.uid && auth != null", // owner and authenticated can write
        "$date": {
          // children should be only these
          ".validate": "newData.hasChildren(['name', 'number', 'city', 'remarks'])",
          // you can see further validation rules below
          "name": {".validate": "newData.isString() && newData.val().length <= 30"},
          "number": {".validate": "newData.isNumber() && newData.val().length == 11"},
          "city": {".validate": "newData.isString() && newData.val().length <= 20"},
          "remarks": {".validate": "newData.isString() && newData.val().length <= 15"},
          // any other child should be rejected
          "$other": {".validate": false}
        }
      }
    }
  }
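}
Now I don't know what I am doing wrong here, because every time I try to read any child it throws a "permission denied" error.
Similar to the user details request below: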
private void getDetails() {
    databaseReference.child("users").addListenerForSingleValueEvent(new ValueEventListener() {
        @Override
        public void onDataChange(@NonNull DataSnapshot snapshot) {
            if (snapshot.hasChild(mAuth.getCurrentUser().getUid())) {
                AccountDetails accountDetails = snapshot
                        .child(mAuth.getCurrentUser().getUid())
                        .getValue(AccountDetails.class);
                setValuesToTextViews(
                        accountDetails.getTotal_balance(),
                        accountDetails.getTotal_withdraw(),
                        accountDetails.getCurrent_balance(),
                        accountDetails.getAccount_status(),
                        accountDetails.getPaid_referrals(),
                        accountDetails.getTotal_referrals()
                );
            }
        }

        @Override
        public void onCancelled(@NonNull DatabaseError error) {
            Log.w(TAG, "onCancelled: " + error.toException());
            Toast.makeText(getActivity(), error.getMessage(), Toast.LENGTH_SHORT).show();
        }
    });
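}
Also, for further clarification, I want /user/uid/ & users_details/uid/ to be readable only by its owner, and auth should not be null. And write access to these locations should be denied.
The /referrals/uid/ location should have read and write access for its owner, with certain criteria and validation, as you can see in the database rules above.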
Posted on 2020-10-17 14:31:33
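Security rules on their own do not filter data. Instead, they merely enforce that any operation you perform on the database is allowed.
So in your code, you attach a listener to /users:
databaseReference.child("users").addListenerForSingleValueEvent(new ValueEventListener() {
When you do this, the rules engine checks whether this user has read permission on /users. And since no one has read permission on /users, it rejects the operation.
Instead, what you want to do is read the node for the specific user: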
databaseReference.child("users").child(mAuth.getCurrentUser().getUid()).addListenerForSingleValueEvent(new ValueEventListener() {
    @Override
    public void onDataChange(@NonNull DataSnapshot snapshot) {
        AccountDetails accountDetails = snapshot.getValue(AccountDetails.class);
        setValuesToTextViews(
                accountDetails.getTotal_balance(),
                accountDetails.getTotal_withdraw(),
                accountDetails.getCurrent_balance(),
                accountDetails.getAccount_status(),
                accountDetails.getPaid_referrals(),
                accountDetails.getTotal_referrals()
        );
    }
    ...
For more on this, see the Firebase documentation on rules are not filters, and these search results on the topic, for example: Restricting child/field access with security rules
https://stackoverflow.com/questions/64402768
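The rule evaluation the answer describes, as an added example (not part of the original post and not Firebase's own engine): a simplified JavaScript model of read authorization in which the rule string from the question is replaced by an equivalent predicate function. `ownerOnly`, `grants`, `canRead` and the `rules` object are names made up for this sketch; the two uids are the ones in the sample database above.

```javascript
// Simplified model of Realtime Database read checks (a sketch under stated
// assumptions, not Firebase's engine). ownerOnly stands in for the rule
// string "$user_id == auth.uid && auth != null" from the question.
const ownerOnly = (auth, vars) => auth != null && vars.$user_id === auth.uid;

const rules = {
  users: { $user_id: { ".read": ownerOnly } },
  withdraw_details: { $user_id: { ".read": ownerOnly } },
  referrals: { $user_id: { ".read": ownerOnly } },
};

// True when this rule node carries a ".read" that evaluates to true.
const grants = (node, auth, vars) =>
  typeof node[".read"] === "function" && node[".read"](auth, vars) === true;

// Walk from the root down to the requested location only. The read is allowed
// as soon as one rule node on that path grants it; rules below the requested
// location are never consulted, which is why they cannot act as a filter.
function canRead(path, auth) {
  const vars = {};
  let node = rules;
  if (grants(node, auth, vars)) return true;
  for (const segment of path.split("/").filter(Boolean)) {
    if (Object.prototype.hasOwnProperty.call(node, segment)) {
      node = node[segment];
    } else {
      const wildcard = Object.keys(node).find((key) => key.startsWith("$"));
      if (wildcard === undefined) return false; // no rule covers this location
      vars[wildcard] = segment; // bind e.g. $user_id to the path segment
      node = node[wildcard];
    }
    if (grants(node, auth, vars)) return true;
  }
  return false;
}

const OWNER = "Nr7sS4xV1fO59wjCqbEabLlK8RF3";
const OTHER = "jpeoZQAPdZY4yEt8yGifGZi4U4r1";
const session = { uid: OWNER }; // constructed auth object for a signed-in user

console.log("/users                ", canRead("/users", session));
console.log("/users/<own uid>      ", canRead("/users/" + OWNER, session));
console.log("/users/<other uid>    ", canRead("/users/" + OTHER, session));
console.log("/users/<own uid>, anon", canRead("/users/" + OWNER, null));
```

The listener on `/users` fails even though the caller's own child would be readable, because no node on the path root → `users` grants `.read`; the per-user rule sits one level below the location being read.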