问题
I have been struggling to grasp an understanding from recent researching of how to implement to grant different access levels to certain users in my system. I want to be able to grant one user read access and another with read/write referencing their uid. What work is required to implement this?
Do I need to restructure my DB and how are my JSON rules structured?
UPDATE - Implemented new rules and db structure
Current DB reference for store 01 -
database = FirebaseDatabase.getInstance().getReference("stores").child("Store 01").child("Task List"); //Find the Task List table in database and making a reference.
Updated rules structure to the following
{
"rules": {
"stores": {
".read": "auth != null && (root.child('readUsers').hasChild(auth.uid) || root.child('readWriteUsers').hasChild(auth.uid))",
".write": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)"
},
"readUsers": {
".read": "auth != null && root.child('readUsers').hasChild(auth.uid)",
".write": false
},
"readWriteUsers": {
".read": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)",
".write": false
}
} }
Updated DB structure to the following
回答1:
One solution is to have some specific database nodes listing your users, as follows:
{
"rules": {
"Store01": {
".read": "auth != null && (root.child('readUsers').hasChild(auth.uid) || root.child('readWriteUsers').hasChild(auth.uid))",
".write": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)"
},
"readUsers": {
".read": "auth != null && root.child('readUsers').hasChild(auth.uid)",
".write": false
},
"readWriteUsers": {
".read": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)",
".write": false
}
}
}
However, with your data model, there will be a problem because you are creating multiple stores as database root nodes. Each time you create a new store you would need to update the security rules!
You need to create these stores in a parent node, e.g. stores. Therefore, with the new readUsers and readWriteUsers nodes, your database would look like the following:
- task-list-for-managers
- stores
- Store01
- ....
- Store02
- ....
- readUsers
- WV0676TY67TY9: true //user Id
- PU8776TIU6543: true
- .....
- readWriteUsers
- BD563DHDV7669: true //user Id
- 87RSBE6383912: true
- .....
And the rules would be as follows:
{
"rules": {
"stores": {
".read": "auth != null && (root.child('readUsers').hasChild(auth.uid) || root.child('readWriteUsers').hasChild(auth.uid))",
".write": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)"
},
"readUsers": {
".read": "auth != null && root.child('readUsers').hasChild(auth.uid)",
".write": false
},
"readWriteUsers": {
".read": "auth != null && root.child('readWriteUsers').hasChild(auth.uid)",
".write": false
}
}
}
Note that, as explained here, read and write Rules cascade:
If a rule grants read or write permissions at a particular path, then it also grants access to all child nodes under it.
来源:https://stackoverflow.com/questions/55144125/how-to-grant-read-read-write-access-to-specific-uids-from-firebase-auth-and-data