时间戳

首页 > 解决方案 > 如何指定firebase数据库规则“超出范围”?

javascript - 如何指定firebase数据库规则“超出范围”?

问题描述

我的数据库结构现在看起来像这样:

database: {
  users: {
    uniqueUserId1: {
      name: "an user",
      company: "Company1",
      rank: "manager"
    }
  }
  rota: {
    Company1: {
      2018: "rota for 2018"
    }
  }
}

所以我不想让用户阅读所有公司的名单,只是他们拥有公司的名单。

对于用户规则来说,这并不难:

rules: {
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    },

    //But a bit complicated for things "outside the scope".
    //What I want is something like:

    "rota": {
      "$company": {
        ".read": "$company === users[auth.uid].company",
        ".write": "$company === users[auth.uid].company && users[auth.uid].rank === 'manager'"
      }
    }
  }
}

我知道这些规则不起作用,但是如何解决这个问题呢?

标签: javascriptfirebasefirebase-realtime-databasefirebase-security

解决方案

You'll need to build the path to the user data by starting with root. So you're looking for something like this:

".read": "$company === root.child('users').child(auth.uid).child('company').val()",

Also see:

推荐阅读