1

我希望仅当用户拥有令牌(邀请)时才允许用户创建帐户。在我的 Firebase Security 中,我有:

{
"rules": {
  ".read": false,
  ".write": false,
  "users": {
    // allow to write if in the invitations there is child equal to token from newData()
    ".write":"root.child('invitations').hasChild(newData.child('token').val())",  
  },
 "invitations":{
   "$invitation":{
     ".read": "true"
   }
  }
}

}

就像在评论中一样,我想允许写如果在邀请中有孩子等于来自 newData() 的令牌。

从模拟器:

Attempt to write {"token":"evl6yky3vi0pmn29","name":"John"} to /users/99 with auth=null
/:.write: "false"
    => false
/users:.write: "root.child('invitations').hasChild(newData.child('token').val())"
6:52: hasChild() expects a string argument.
    => false
/users/99:<no rules>

我该怎么做?

4

1 回答 1

4

你几乎已经完美了。这里唯一的缺陷是你试图写信给 users/99,但是你把规则放在 users/.

大概,你的意思是:

"users": {
   "$user_id": {
      // allow to write if in the invitations there is child equal to token from newData()
      ".write":"root.child('invitations').hasChild(newData.child('token').val())",  
   }
},
于 2013-12-09T15:08:23.327 回答