firebase-security

问题 ,"people" : { ".read": "auth != null", "$uid": { }, "e2" : { ".read": "auth.uid != null", ".write": "$uid == auth.uid" }, "l1" : { ".read": "auth.uid != null", ".write": "auth.uid != null" } So e2 is the @ of an email. For example @gmail or @aol or @yahoo. For the l1 child, I want to make the write rule: Write if auth.uid != null && e2 has the same value as the e2 of the person you are writing l1 to. The furthest I could get, is something like this: "data.parent().child(people).hasChildren([

问题 I have a bunch of documents that contain a few fields each. How can I write rules that only apply to a specific field in each document? For example, if my documents looked like this: { "displayName": "John Doe", // read and write "accessLevel": 3 // read only } How could I make it so that you can Read display name and access level Write to the display name Not write to the access level I've gone through a lot of videos and Firestore docs and haven't found anything that shows how you would

问题 I have a bunch of documents that contain a few fields each. How can I write rules that only apply to a specific field in each document? For example, if my documents looked like this: { "displayName": "John Doe", // read and write "accessLevel": 3 // read only } How could I make it so that you can Read display name and access level Write to the display name Not write to the access level I've gone through a lot of videos and Firestore docs and haven't found anything that shows how you would

问题 I have a firestore collection called letters which holds a public letter from users. In my app, I am using pagination to limit the results to 20 when they go to public letters screen . My concern is that this would work fine from within the app but if some malicious user query the database from let's say postman then I will be billed heavily for all those reads. I have all security rules in place like the user should be authenticated but this needs to be public collection so I can't think of

问题 I have a firestore collection called letters which holds a public letter from users. In my app, I am using pagination to limit the results to 20 when they go to public letters screen . My concern is that this would work fine from within the app but if some malicious user query the database from let's say postman then I will be billed heavily for all those reads. I have all security rules in place like the user should be authenticated but this needs to be public collection so I can't think of

问题 I have a firestore collection called letters which holds a public letter from users. In my app, I am using pagination to limit the results to 20 when they go to public letters screen . My concern is that this would work fine from within the app but if some malicious user query the database from let's say postman then I will be billed heavily for all those reads. I have all security rules in place like the user should be authenticated but this needs to be public collection so I can't think of

问题 On my client side I am creating a document with one of the fields "createdDate" below is a payload from the firestore simulator { "__name__": "/databases/(default)/documents/billing/aaaa", "data": { "createdDate": 1529237500239, "createdDateTimeFormat": "2018-06-12T07:00:00.000Z" } } I tried to set the security rule to make sure the "createdDate" is not in the future. service cloud.firestore { match /databases/{database}/documents { match /billing/{userId}{ allow create: if (request.resource

问题 On my client side I am creating a document with one of the fields "createdDate" below is a payload from the firestore simulator { "__name__": "/databases/(default)/documents/billing/aaaa", "data": { "createdDate": 1529237500239, "createdDateTimeFormat": "2018-06-12T07:00:00.000Z" } } I tried to set the security rule to make sure the "createdDate" is not in the future. service cloud.firestore { match /databases/{database}/documents { match /billing/{userId}{ allow create: if (request.resource

问题 I'm building an Android app which requires me to store some pictures for the user. Let's say I have 2 users: A and B. They should be able to read / write on their specific folders: user A can read and write to bucket/images/userA and user B can read and write to bucket/images/userB. They should not have access to anything else. Now let's say user A uploaded picture1.jpg and picture2.jpg. How can user A grant access to bucket/images/userA/picture1.jpg to user B? User B should not have access

问题 enter image description hereI'm about 90% with my app, and was ready to release it so it can be released to get tested. I was rejected by apple, because i didn't have a very important feature: - A mechanism for users to block abusive users. I already have a function in which I follow other users, but I'm stuck on how do I block access, so that when one users blocks the other, they don't see anything related to the one who just blocked him. They can't see their profile in search, in new