带firebase嵌套子图的安全规则
我正在尝试使用firebase创建一个文本编辑器应用程序,该应用程序允许用户创建文档,但它们也可以在现有文档中嵌套新文档(在编辑文档时,他们将能够单击一个将添加新的按钮数据库中的文档并在编辑器中插入链接,该链接将重定向到此页面):
用户可以与其他用户共享文档,但随后他们应该可以访问所有嵌套文档作为出色地。因此,现在我想知道如何编写安全规则来做到这一点。
我认为构建实时数据库的最佳方法是将所有文档存储在根部,然后添加parentdocument或path> path属性属性每个文档:
{
"documents": {
"doc-1": {
"title":"Lorem ipsum",
"content": "...",
"path":"/",
"owner":"user-1",
"canAccess":{
"user-3":true
}
},
"doc-2": {
"title":"Dolor sit",
"content": "...",
"path":"/doc-1/",
"owner": "user-1"
"canAccess": {
"user-2":true
}
}
},
"users": {
"user-1": { ... },
"user-2": { ... },
"user-3": { ... }
}
}
↑在下面的示例中,
- DOC-2嵌套在DOC-1
- USER-1中可以访问DOC-1和DOC-2
- USER-2可以访问Doc-2,只有
- user-3可以访问DOC-1和Doc-2
,但现在我不知道如何管理安全规则,因为要检查用户是否可以访问特定文档,我想它需要遍历其每个父母(使用其path 或parentdocument prop)。也许我还可以在上指定canaccess prop prop 文档,但是只要父母的canaccess prop更新,我就必须更新每个嵌套的文档。 ...
任何帮助将不胜感激
I am trying to create a text editor app using firebase that allows users to create documents, but they can also nest a new document inside an existing document (when editing a document, they would be able to click on a button that would add a new document in the database and insert a link in the editor that redirects towards this page):
A user would be able to share a document with other users, but then they should have access to all the nested documents as well. So now I am wondering how to write the security rules to do that.
I think the best way to structure the realtime database would be to store all documents at the root, and then add a parentDocument or path property to each document:
{
"documents": {
"doc-1": {
"title":"Lorem ipsum",
"content": "...",
"path":"/",
"owner":"user-1",
"canAccess":{
"user-3":true
}
},
"doc-2": {
"title":"Dolor sit",
"content": "...",
"path":"/doc-1/",
"owner": "user-1"
"canAccess": {
"user-2":true
}
}
},
"users": {
"user-1": { ... },
"user-2": { ... },
"user-3": { ... }
}
}
↑ In the example below,
- doc-2 is nested inside doc-1
- user-1 can access both doc-1 and doc-2
- user-2 can access doc-2 only
- user-3 can access both doc-1 and doc-2
But now I do not know how to manage the security rules, because to check if a user has access to a specific document, I guess it would need to go through each of its parents (using its path or parentDocument prop). Perhaps I could also specify the canAccess prop on each document, but then I would have to update each nested document whenever a parent's canAccess prop is updated...
Any help would be greatly appreciated
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在Firebase实时数据库模型中这意味着,一旦您在特定路径上授予用户(读取或写入)权限,他们也可以访问该路径下的所有数据。您再也无法在较低级别上撤销许可。
因此,您的需求实际上与此模型非常匹配,我建议您尝试实现它并遇到问题,并进行报告。
In the Firebase Realtime Database model permission automatically cascades downwards. This means that once you grant a user (read or write) permission on a specific path, they can also access all data under that path. You can never revoke the permission at a lower level anymore.
So your requirement actually matches really nicely with this model, and I'd recommend just trying to implement it and reporting back if you run into problems.