{
"categories": {
"c-NgA8_ZDjEur3HowEFVD": {
"create_date": 1696699144485,
"creator": "Codw8lfHuDcUox1Xe4ima15OGXi1",
"delete_date": "",
"description": "Am Abend ein schönes Nachtessen",
"title": "Nachtessen",
"update_date": ""
}
},
"ideas": {
"i-NgAD6p5s8G5rJWAQo48": {
"category": "c-NgA8_ZDjEur3HowEFVD",
"create_date": 1696700333404,
"creator": "Codw8lfHuDcUox1Xe4ima15OGXi1",
"delete_date": "",
"description": "Essen im Vito in Zürich",
"title": "Essen im Vito",
"update_date": ""
}
}
}
{
"rules": {
"categories": {
".indexOn": ["creator"],
"$category_id": {
".read": "data.child('creator').val() === auth.uid",
".write": "!data.exists()"
}
},
"ideas": {
".indexOn": ["creator"],
"$idea_id": {
".read": "data.child('creator').val() === auth.uid",
".write": "!data.exists()"
}
}
}
}
const categoriesRefOrdered = query(
categoriesRef,
orderByChild('creator'),
equalTo(account.uid),
);
const unsubscriber = onValue(categoriesRefOrdered, (snapshot) => {
const val: CategoriesObjectType = snapshot.val();
if (val) {
const array = objectToArray(val);
dispatch(initCategories(array));
} else {
dispatch(initCategories(null));
}
});
我在没有 $category_id 行的情况下尝试了相同的操作。
“creator”字符串是用户的uid。我的尝试是只让创建者读取他的数据。
我尝试用这个进行调试:
模拟结果 询问详情
{
"auth": {
"uid": "Codw8lfHuDcUox1Xe4ima15OGXi1",
"token": {
"sub": "Codw8lfHuDcUox1Xe4ima15OGXi1",
"firebase": {
"sign_in_provider": "password"
},
"email": "",
"email_verified": false
}
},
"resource": {
"key": "value"
},
"path": "/categories",
"method": "get",
"time": "2023-10-09T13:07:39.316Z",
"isAdmin": false
}
结果详情 5号线(/类别) 读取:“data.child('creator').val() === auth.uid”
您的代码尝试从数据库中的
categories要安全地查询数据,您需要这样的东西:
{
"rules": {
"categories": {
".indexOn": ["creator"],
".read": "auth.uid !== null &&
query.orderByChild === 'creator' &&
query.equalTo === auth.uid",
...
现在规则允许用户读取
categoriescreator