Firebase数据库删除安全规则

Michael Lai

我目前正在创建Firebase安全规则，以防止用户将节点设置为null并删除该节点中的所有数据。

这是我的图式

{
  "folder" : {
    "item1" : {
      "dataset1" : {
        "data1" : 123,
        "data2" : 456,
        "data3" : 789
      }
    }
  }
}

这些是我的规则

{
  "rules": {
    "folder": {
//    users cannot delete items in the node folder
      ".write": "newData.exists()",
//    item is a variable
      "$item": {
        "dataset1": {
//        dataset1 must have certain nodes and can't be deleted (set to null)
          ".validate": "data.hasChildren(['data1', 'data2', 'data3']) && newData.exists()",
          "data1": {".validate": "newData.isNumber()"},
          "data2": {".validate": "newData.isNumber()"},
          "data3": {".validate": "newData.isNumber()"},
//        using the variable $other means any node that isn't data1, data2, data3 is denied
          "$other": {".validate": false}
        }
      }
    }
  }
}

使用内置的模拟器，我得到以下结果：

写入被正确拒绝，并且不允许用户将文件夹节点设置为null

当位置设置为“ / folder / item1”和“ / folder / item1 / dataset1”时，此方法有效

但是，当location设置为“ / folder / item1 / dataset1 / data1”时，允许写操作并删除数据。

如果我在data1中有更深的节点，则将它们全部删除，因为允许写入。

感谢您阅读。开放任何答案，最好我不需要更改架构。

弗兰克·范普菲伦

It's not really clear to me what you're asking. But there are a few problems with your rules, so I'll just point those out in hopes that they answer your question.

you grant write access on /folder, which you cannot take away at a lower level.
As long as any data is left under /folder any write is allowed. A thing to keep in mind is that newData is the data at the location as it will exist after the write operation; it is not just the new data that is written.
I have the impression that you're trying to prevent the deletion with .validate rules. Keep in mind that validation is not performed when deleting data, so you cannot use .validate rules to prevent deletion.

I suspect that #2 is causing your current problem.

本文收集自互联网，转载请注明来源。

如有侵权，请联系 [email protected] 删除。