Updated: 2022-02-02 21:41:08
You can definitely secure access to the private and public data with your current data structure.
But one use-case you'll likely want at some point is to show a list of the public info for all users. With your current data structure that is not possible, because Firebase's security model cannot be used to filter data. For a great answer covering this, see Restricting child/field access with security rules.
Most developers split the public and private data in completely separate subtrees:
{
  "users" : {
    "YFIIAgwa2kaannrXjwvSZmoywma2" : {
      "Name:" : "Example 1"
    },
    "YgSfSzPzxLbyDL17r6P9id2cdvH2" : {
      "Name:" : "Example 2"
    }
  },
  "public_profiles": {
    "YFIIAgwa2kaannrXjwvSZmoywma2" : {
      "email" : "example1@gmail.com"
    },
    "YgSfSzPzxLbyDL17r6P9id2cdvH2" : {
      "email" : "example2@gmail.com"
    }
  }
}
You can then secure access with:
{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    },
    "public_profiles": {
      ".read": "auth != null",
      "$uid": {
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}
Now any authenticated user can listen to /public_profiles, which means you can easily show a list of these profiles.
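The "rules cannot filter data" behaviour described above, as an added example that is not part of the original answer: a simplified JavaScript model of how read rules cascade, run against the read rules shown above. It is not Firebase's evaluator; `canRead` and `evalRule` are hypothetical helpers, and the rule expressions are assumed to be simple enough to evaluate as JavaScript.

```javascript
// Simplified model (assumption, not Firebase's evaluator): a read at a path is allowed
// only if a ".read" rule at or above that location evaluates to true. Rules deeper
// than the requested location are never consulted, so they cannot filter a list.
const rules = {
  users: {
    $uid: { ".read": "auth != null && auth.uid == $uid" }
  },
  public_profiles: {
    ".read": "auth != null",
    $uid: { ".write": "auth != null && auth.uid == $uid" }
  }
};

// Evaluate one rule expression with `auth` and captured $variables in scope.
function evalRule(expr, auth, vars) {
  const names = Object.keys(vars);
  const fn = new Function("auth", ...names, `return (${expr});`);
  return Boolean(fn(auth, ...names.map((n) => vars[n])));
}

function canRead(path, auth) {
  let node = rules;
  const vars = {};
  const grants = (n) =>
    typeof n[".read"] === "string" && evalRule(n[".read"], auth, vars);
  if (grants(node)) return true;
  for (const segment of path.split("/").filter(Boolean)) {
    if (Object.prototype.hasOwnProperty.call(node, segment)) {
      node = node[segment];
    } else {
      // Fall back to a wildcard child such as "$uid" and capture its value.
      const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
      if (!wildcard) return false; // no rule covers this path: denied
      vars[wildcard] = segment;
      node = node[wildcard];
    }
    if (grants(node)) return true; // a grant cascades to everything below
  }
  return false;
}
```

With the owner signed in, `canRead("/users", auth)` is false even though `canRead("/users/<own uid>", auth)` is true, which is why the list has to come from `/public_profiles`.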