如何使用嵌套安全规则从 Firebase 数据库获取所有资源?
在firebase中,是否可以配置规则,以便在获取父资源时,仅返回用户有权访问的子项目?
我有一个像这样的数据结构:
{
application_access_request: {
app_id_1: {
access_key_1: {
email: "[email protected]"
},
},
app_id_2: {
access_key_2: {
email: [email protected]
},
}
}
}
然后我有这样的规则:
{
"application_access_request": {
"$appId": {
"$accessId": {
".read": "data.child($accessId).child('email').val() === auth.token.email",
},
}
},
}
作为使用电子邮件登录的用户 [电子邮件受保护], 当我从 application_access_request/ 请求所有资源时, 然后我希望 app_id_1 及其子项可访问/返回给用户,
是否可以允许读取所有 application_access_request 但仅返回经过身份验证的用户拥有的应用程序访问?
In firebase, is it possible to configure a rule so that when a parent resource is fetched, it only returns child items that the user as access to?
I have a data structure like so:
{
application_access_request: {
app_id_1: {
access_key_1: {
email: "[email protected]"
},
},
app_id_2: {
access_key_2: {
email: [email protected]
},
}
}
}
And then I have rules like so:
{
"application_access_request": {
"$appId": {
"$accessId": {
".read": "data.child($accessId).child('email').val() === auth.token.email",
},
}
},
}
As a user logged in with email [email protected],
When I request all resources from application_access_request/,
Then I want app_id_1 and it's children to be accessable / returned to the user,
Is it possible to allow reading of all application_access_request but only return apps that the auth'd user has access to?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
不可以,安全规则不能用于有选择地返回信息(请参阅规则不过滤器)。但是,您可以使用查询来解决此用例。例如,如果您的数据是结构化的:
您可以使用 query-基于规则来限制查询:
No, security rules cannot be used to selectively return information (see rules are not filters). You may, however, be able to use querying to solve this use case. For example, if your data was structured:
You can use query-based rules to limit querying: