时间戳

首页 > 解决方案 > 无法弄清楚如何修复 Firebase 安全规则

android - 无法弄清楚如何修复 Firebase 安全规则

问题描述

几年前我开始开发这个应用程序,现在我意识到数据库设计不是很好。不幸的是,这个项目变得太复杂了,我无法改变任何东西。该应用程序基本上是一个费用跟踪应用程序,它允许用户添加合作伙伴并一起跟踪费用,因此我希望某些节点只能由帐户所有者及其合作伙伴访问,而其他节点应该可供所有人访问。

这是数据库结构:

 users:
  uid1:
    name:
    expenses:
    partner:
    categories:
      category1:
      category2:
      ...
  uid2:
    ...
    ...

例如,假设我希望任何人都可以访问“名称”和“合作伙伴”,帐户所有者和“合作伙伴”可以访问“费用”

我尝试了以下规则:

{
 "rules": {
    "users":{
      "$uid":{
        "expenses":{
        ".read": "auth.uid === $uid ||root.child('users').child($uid).child('partner').val() === auth.uid",
        ".write": "auth.uid === $uid || root.child('users').child($uid).child('partner').val() === auth.uid"
        },
        "categories":{
          ".read": "auth.uid === $uid ||root.child('users').child($uid).child('partner').val() === auth.uid",
            ".write": "auth.uid === $uid || root.child('users').child($uid).child('partner').val() === auth.uid"
        },"settings":{
            ".read":"auth.uid != null",
            ".write":"auth.uid != null"
        },"bankingApps":{
            ".read":"auth.uid != null",
            ".write":"auth.uid != null"
        },"loans":{
            ".read":"auth.uid != null",
            ".write":"auth.uid != null"
         },"notifications":{
            ".read":"auth.uid != null",
            ".write":"auth.uid != null"
        },"subscriptions":{
            ".read": "auth.uid === $uid",
            ".write":"auth.uid === $uid"
          },
        "receipts":{
         ".read": "auth.uid === $uid ||root.child('users').child($uid).child('partner').val() === auth.uid",
         ".write": "auth.uid === $uid || root.child('users').child($uid).child('partner').val() === auth.uid"
      },"partner":{
        ".read": "auth.uid != $uid",
         ".write":"auth.uid != $uid"
      },"partnerRequest":{
        ".read": "auth.uid != $uid",
         ".write":"auth.uid != $uid"
      },"uid":{
        ".read": "auth.uid === $uid",
         ".write":"auth.uid === $uid"
      },"theme":{
        ".read": "auth.uid === $uid",
         ".write":"auth.uid === $uid"
      },"fullname":{
        ".read": "auth.uid != $uid",
         ".write":"auth.uid != $uid"
      },"username":{
        ".read": "auth.uid != $uid",
         ".write":"auth.uid != $uid"
      }
      }
    }
}

}

使用这些规则,某些功能将停止工作。任何帮助是极大的赞赏。

标签: androidfirebase-realtime-databasefirebase-security

解决方案

推荐阅读