2

我为我的应用程序尝试了以下安全规则,但遇到了问题。我的 Firebase 中有一个用户,唯一 ID 为 2。

{
  "rules": {
    "users": {
      "$user": {
        ".read": "$user == auth.id",
        ".write": "$user == auth.id"
      }
    }
  }
}

我已经检查过,当我这样做时".write": "$user == 2",我将无法在 firebase 上写作,但是当我这样做时".write": "$user == '2'",我将能够在 firebase 上写作。

另一方面,当我这样做时".write": "auth.id == 2",我将能够在 firebase 上写作。

似乎 $user 被视为字符串,而 auth.id 被视为数字。我已经检查了https://www.firebase.com/docs/security/上的文档,但事实证明它对这个问题没有帮助。

在绝望的尝试中,我尝试".write": "$user == auth.id.toString()"了这当然给了我这个错误:“6:29:类型错误:目标上的函数调用不是一个函数。”

任何人都可以就这件事给我一些建议吗?

我能想到的唯一解决方法是将“userId”作为 $user 的子项包含在内,这将被读取为数字值而不是字符串。

4

2 回答 2

2

需要解决方法(在另一个答案的评论中提到)才能在 Firebase 模拟器中为我工作:

$user == '' + auth.id

于 2014-10-02T01:18:17.167 回答
2

There are two non-obvious details that may be tripping you up.

Security rules are always evaluated using ===

Your == is automatically converted to === by the security rules; to read more about it, check out the "rules expressions" section of the document.

Record IDs are converted to strings

The user ID you inserted (2) is being converted to a string (I can't find the doc on that but remember reading it). In other words, the record ID is "2" and not 2 so your value in the auth data needs to match that.

Hope this helps :)

于 2012-12-24T16:18:57.047 回答