我正试图以一种简单的方式使用"读"one_answers"写"规则,似乎相同的条件会导致它们各自不同的行为。
my rules:
{
"rules": {
".read": true,
".write": false,
"chat": {
".write": true
},
"users": {
"$user_id": {
".read": "$user_id === auth.uid",
".write": "$user_id === auth.uid"
}
}
}
从模拟器写入响应:
Attempt to write {"key":"value"} to /users/1 with auth={"provider":"anonymous","uid":"1234"}
/:.write: "false"
=> false
/users
/users/1:.write: "$user_id === auth.uid"
=> false
No .write rule allowed the operation.
Write was denied.
从模拟器读取响应:
Attempt to read /users/1 with auth={"provider":"anonymous","uid":"1234"}
/: "true"
=> true
Read was allowed.
为什么?
在规则的顶层,允许读,禁止写
{
"rules": {
".read": true,
".write": false,
Firebase规则是自上而下的:一旦你允许某一级别上的某些内容,你就不能在更低的级别上删除它。Firebase文档是这样说的:
这是理解安全和Firebase规则的关键概念。子规则只能向父节点已经声明的内容授予额外特权。它们不能撤销读或写权限。
所以你的顶级".read": true,取代了你放在较低级别的任何读规则。