且构网


How to create public/private user profiles with Firebase security rules?

Updated: 2022-02-02 21:41:08

You can definitely secure access to the private and public data with your current data structure.

But one use-case you'll likely want at some point is to show a list of the public info for all users. With your current data structure that is not possible, because Firebase's security model cannot be used to filter data. For a great answer covering this, see Restricting child/field access with security rules.

Most developers split the public and private data in completely separate subtrees:

{
  "users" : {
    "YFIIAgwa2kaannrXjwvSZmoywma2" : {
      "Name:" : "Example 1"
    },
    "YgSfSzPzxLbyDL17r6P9id2cdvH2" : {
      "Name:" : "Example 2"
    }
  },
  "public_profiles": {
    "YFIIAgwa2kaannrXjwvSZmoywma2" : {
      "email" : "example1@gmail.com"
    },
    "YgSfSzPzxLbyDL17r6P9id2cdvH2" : {
      "email" : "example2@gmail.com"
    }
  }
}

You can then secure access with:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    },
    "public_profiles": {
      ".read": "auth != null",
      "$uid": {
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}

Now any authenticated user can listen to /public_profiles, which means you can easily show a list of these profiles.
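
The following is an added sketch, not part of the original answer and not Firebase's rules engine: a simplified JavaScript model of how the rules above cascade, showing why a read of the whole /users list is denied while /public_profiles can be listed. The `isAllowed` helper and the `alice`/`bob` auth objects are hypothetical, and the model assumes only the rule features used on this page.

```javascript
// Simplified model of Realtime Database rule cascading (assumption: covers only
// the features used on this page: .read/.write strings, auth, one $wildcard).
const rules = {
  users: {
    $uid: {
      ".read": "auth != null && auth.uid == $uid",
      ".write": "auth != null && auth.uid == $uid"
    }
  },
  public_profiles: {
    ".read": "auth != null",
    $uid: { ".write": "auth != null && auth.uid == $uid" }
  }
};
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// op is "read" or "write"; auth is null or { uid }. Hypothetical helper.
function isAllowed(op, path, auth) {
  let node = rules;
  const vars = {};
  for (const seg of path.split("/").filter(Boolean)) {
    if (!seg.startsWith(".") && !seg.startsWith("$") && own(node, seg)) {
      node = node[seg];
    } else {
      const wild = Object.keys(node).find((k) => k.startsWith("$"));
      if (!wild) return false;          // path not covered by any rule
      vars[wild] = seg;                 // bind e.g. $uid to the path segment
      node = node[wild];
    }
    const expr = node["." + op];
    if (typeof expr === "string") {
      // The page's rule strings happen to be valid JavaScript, so the model
      // evaluates them directly; only do this with trusted, fixed strings.
      const check = new Function("auth", ...Object.keys(vars), `return ${expr};`);
      if (check(auth, ...Object.values(vars))) return true; // grant cascades down
    }
  }
  return false; // rules below the requested path are never consulted
}

// Constructed sample callers using the UIDs from the page's data.
const alice = { uid: "YFIIAgwa2kaannrXjwvSZmoywma2" };
const bob = { uid: "YgSfSzPzxLbyDL17r6P9id2cdvH2" };
console.log(isAllowed("read", "/users", alice));                 // list of private data
console.log(isAllowed("read", `/users/${alice.uid}`, alice));    // own private node
console.log(isAllowed("read", "/public_profiles", bob));         // list of public data
console.log(isAllowed("write", `/public_profiles/${alice.uid}`, bob));
```

For real verification, run the same cases against the Firebase emulator rather than this model.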