问题
I'm following the Firebase security tutorial.
I have this simple structure:
- requests
- request_id: {...}
- request_id: {...}
...
And my security rules:
{
"rules": {
"requests": {
".indexOn": ["id_company_owner", "id_app_user"],
"$request_id": {
// only request from the last ten minutes can be read
".read": "data.child('timestamp').val() > (now - 600000)",
}
}
}
}
All I want right now with my rule is to make my request readable. But I've to this inside (not outside) of $request_id, but no request is being readable; even if the request have the timestamp with less than 10 minutes ago. Can someone explain why?
回答1:
It's hard to tell without looking at the actual data, but Firebase security rules are all-or-nothing. Firebase security rules do not filter data.
That is, if you attempted to attach a listener to /requests, and even a single item is not allowed to be read due to a security rule, none of them can be read. You'll need to listen for individual items, or restructure your data, to accomplish this "filtering" behavior.
来源:https://stackoverflow.com/questions/28139215/firebase-rules-not-working