问题
I'm using Firebase with Angular2 and Firebase-queue as a batch server.
Clients send tasks to the server and sometime they are waiting for a response.
Client can read the response using the request id. But then, what happens to the response ? I guess only the client can delete it but I don't really like to give .write to the client.
So I'm trying to figure out a way to secure this .write access.
Question: Is It possible to give .read and .write access only to the user that own the request key?
The response itself and even the /responses node would not be readable for the others.
I'm trying to avoid people(evil) deleting responses before the user can read it.
回答1:
Frank van Puffelen answered the response here.
If I only want auth user to able to use it, I should use the following rules right?
"responses": {
".read": "false",
".write": "false",
"$responses": {
".read": "auth != null",
".write": "auth != null",
}
}
来源:https://stackoverflow.com/questions/40608672/how-to-safely-allow-user-to-delete-responses-from-firebase-queue