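Because of the way Firebase Realtime Database rules cascade (https://firebase.google.com/docs/database/security#section-authorization) into deeper keys, allowing people/UserId1 to be writable by UserId2 is not advisable, as this would give UserId2 write access to the data of other users stored under people/UserId1, like people/UserId1/UserId3.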
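However, using this trait, we can "add" users that have read and write permissions as we go deeper into the data structure.
So the new conditions are:
- people/UserId1 - UserId1 has read and write permission
- people/UserId1/UserId2 - UserId2 has read and write permission
- people/UserId1/UserId2 - must always contain the 'name', 'id' and 'image' keys
- people/UserId1/UserId3 - cannot be read/written by UserId2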
    {
      "rules": {
        "people": {
          "$userId1": {
            "$userId2": {
              ".read": "auth.uid == $userId2", // add $userId2 to those granted read permission, cascades into deeper keys
              ".write": "auth.uid == $userId2", // add $userId2 to those granted write permission, cascades into deeper keys
              ".validate": "newData.hasChildren(['name', 'id', 'image'])" // any new data must have 'name', 'id' and 'image' fields.
            },
            ".read": "auth.uid == $userId1", // add $userId1 to those granted read permission, cascades into deeper keys
            ".write": "auth.uid == $userId1" // add $userId1 to those granted write permission, cascades into deeper keys
          }
        }
      }
    }
Lastly, if it is also required that people/UserId1/UserId2/id is equal to UserId2, you can change the ".validate" rule to the following to enforce this:
".validate": "newData.hasChildren(['name', 'id', 'image']) && newData.child('id').val() == $userId2" // any new data must have 'name', 'id' and 'image' fields and 'id' must have a value of $userId2
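
The cascade described in this answer, as an added example that is not part of the original answer and not Firebase's own rule engine: a small JavaScript model of the rules above (using the final `.validate` variant) that shows which user is granted access at which path. The function names `walk`, `allowed` and `canWrite` are hypothetical, and validation is modelled only for writes made exactly at people/$userId1/$userId2.

```javascript
// Simplified model of the rules above (constructed; not Firebase's rule engine).
const rules = {
  people: {
    $userId1: {
      '.read':  (uid, v) => uid === v.$userId1,
      '.write': (uid, v) => uid === v.$userId1,
      $userId2: {
        '.read':  (uid, v) => uid === v.$userId2,
        '.write': (uid, v) => uid === v.$userId2,
        // Non-cascading check on the data written at this node.
        '.validate': (d, v) => typeof d === 'object' &&
          ['name', 'id', 'image'].every((k) => k in d) && d.id === v.$userId2,
      },
    },
  },
};

// Collect the rule nodes from the root down to `path`, binding $variables.
function walk(path) {
  const vars = {};
  const nodes = [];
  let node = rules;
  for (const seg of path.split('/')) {
    const keys = Object.keys(node).filter((k) => !k.startsWith('.'));
    const key = keys.includes(seg) ? seg : keys.find((k) => k.startsWith('$'));
    if (key === undefined) break;          // no rule defined this deep
    if (key.startsWith('$')) vars[key] = seg;
    node = node[key];
    nodes.push(node);
  }
  return { nodes, vars };
}

// .read/.write cascade: a grant at ANY level on the path is enough, and a
// deeper rule cannot take it away.
function allowed(op, uid, path) {
  const { nodes, vars } = walk(path);
  return nodes.some((n) => n['.' + op] && n['.' + op](uid, vars));
}

// A write must also pass .validate when the target node defines one
// (null, i.e. a delete, skips validation).
function canWrite(uid, path, data) {
  if (!allowed('write', uid, path)) return false;
  const { nodes, vars } = walk(path);
  const target = nodes[path.split('/').length - 1];
  const validate = data !== null && target && target['.validate'];
  return validate ? validate(data, vars) : true;
}
```
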