Firebase允许拒绝(Permission denied with Firebase)
我希望我的应用程序的用户有权访问通过实时数据库访问的其他用户的配置文件。 我正在引用db via
ref.once('users/'+uid, snapshot => snapshot.child('users/'+uid).val())
我有的规则:
{ "rules": { "users": { ".read": true, "$uid": { ".write": "$uid === auth.uid" }, }, }
我不知道为什么我无法访问
users/:uid
即使模拟器通过勾选read
并运行<firebaseURL>/users
上的模拟来提供success
消息。如果我设置
".read": true"
在rules
下它确实允许我读取数据,但如果我想要实现我不希望未经授权的用户可用的内容,这可能会".read": true"
我的注意。编辑(解决方案):
问题在于引用firebase。 而不是
firebase.database.ref('users')
我通过firebase.database.ref()
引用了root本身。该引用导致应用默认
read/write
规则。I want users of my app to have access to see profile of other users that is accessed via real-time database. I'm referencing to db via
ref.once('users/'+uid, snapshot => snapshot.child('users/'+uid).val())
Rules i have:
{ "rules": { "users": { ".read": true, "$uid": { ".write": "$uid === auth.uid" }, }, }
I don't get why i can't access
users/:uid
even though simulator givessuccess
message by tickingread
and running simulation on<firebaseURL>/users
.If i set
".read": true"
underrules
it does allow me to read the data, but that may bait me later on if i would want to implement stuff that i don't want to be available to unauthorized users.Edit (solution):
The problem was with referencing to firebase. Instead of
firebase.database.ref('users')
I was referencing too root itself byfirebase.database.ref()
.That reference caused to apply default
read/write
rules.
原文:https://stackoverflow.com/questions/45217092
最满意答案
您可以提供
".read": "auth != null"
以允许所有授权用户读取users
对象下的数据并防止未经授权的用户阅读它。You could give
".read": "auth != null"
to allow all authorised users to read data underusers
object and prevent unauthorised users from reading it.