Security rules don't cascade like the docs said

Security rules don't cascade the way the docs said.

This image shows the result of an authorized read request to the path /foo/baz/bar/ made with the simulator.

This is what the Firebase docs say (the code sample belongs to the docs):

{
  "rules": {
    "foo": {
      ".read": true,
      ".write": false
    }
  }
}

.read and .write rules cascade, so this ruleset grants read access to any data at path /foo/ as well as any deeper paths such as /foo/bar/baz. Note that .read and .write rules shallower in the database override deeper rules, so read access to /foo/bar/baz would still be granted in this example even if a rule at the path /foo/bar/baz evaluated to false.

Why am I getting the opposite effect?

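Allowing access cascades, denying access does not. If denying access had the same cascading effect, rules would become verbose, because even when denying you would have to explicitly exclude every part of the database that you did not want to affect.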

Think of the rules as one big or statement. It checks each matching rule one by one until it finds a true:

rule1 || rule2 || rule3 || rule4 ...
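
The "one big or" evaluation described in the answer, as an added JavaScript sketch that is not part of the original post and not Firebase's own code. It models rule values as boolean literals only (real rules can be expressions); the function name `isAllowed`, the `baz` child added to the docs ruleset, and the second ruleset are constructed for illustration.

```javascript
// Simplified model of Realtime Database .read/.write evaluation.
// Assumption: every rule value is a boolean literal, not an expression.
function isAllowed(ruleset, path, op) {
  const segments = path.split("/").filter(Boolean);
  const trail = []; // every rule that was consulted, in order
  let node = ruleset.rules;
  // Check the rule at the root, then at each level down to the requested path.
  for (let depth = 0; node !== undefined; depth++) {
    const at = "/" + segments.slice(0, depth).join("/");
    if (Object.prototype.hasOwnProperty.call(node, op)) {
      trail.push(`${at} ${op}=${node[op]}`);
      if (node[op] === true) return { allowed: true, trail }; // first true wins
    }
    if (depth === segments.length) break; // reached the requested location
    const key = segments[depth];
    // Exact child first, then a $wildcard child if the rules define one.
    const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
    node = node[key] !== undefined ? node[key]
         : wildcard ? node[wildcard] : undefined;
  }
  return { allowed: false, trail }; // no matching rule evaluated to true
}

// The ruleset from the docs, plus a deeper deny (constructed) that has no effect.
const docRules = {
  rules: {
    foo: { ".read": true, ".write": false, bar: { baz: { ".read": false } } },
  },
};

// Constructed ruleset: deny at /foo, allow deeper at /foo/baz/bar.
const denyThenAllow = {
  rules: {
    foo: { ".read": false, baz: { bar: { ".read": true } } },
  },
};

console.log(isAllowed(docRules, "/foo/bar/baz", ".read"));       // allowed by /foo
console.log(isAllowed(denyThenAllow, "/foo/baz/bar/", ".read")); // allowed by the deeper rule
console.log(isAllowed(denyThenAllow, "/foo/baz", ".read"));      // denied: nothing true on the path
```

When auditing a ruleset, a `false` under an allowed parent restricts nothing, so data that must stay private cannot live below a path whose `.read` or `.write` can evaluate to true.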