javascript - Enforce user id for a field in Firebase Database using rules -


i want users able add posts using app. need know made each post client uses

this.firebaseapp.database().ref('posts/').push({         userid, text, timestamp:new date()       });

technically though, modify client , send value userid, need database rule prevent this.

the example user data on firebase site mentions:

{   "rules": {     "users": {       "$user_id": {         // grants write access owner of user account         // uid must match key ($user_id)         ".write": "$user_id === auth.uid"       }     }   } }

i think want .write restriction since posts different dataset, don't want use post key, want refer value being passed in.

here's i've tried allows posts written still:

{   "rules": {     ".read": "auth != null",     ".write": "auth != null",     "posts": {       "userid": {         ".write": "newdata.val() === auth.uid"       }     }   } }

that first code snippet syntactically incorrect. let's assume meant:

this.firebaseapp.database().ref('posts/').push({     userid: userid, text: text, timestamp:new date() });

the rules want are:

{   "rules": {     ".read": "auth != null",     "posts": {       "$postid": {         ".write": "newdata.child('userid').val() === auth.uid"       }     }   } }

the key differences:

  • i removed top-level ".write" rule. permission cascades down: once grant access @ level, cannot take away @ lower level.
  • i added $postid, needed since rule needs apply child noders under /posts. $postid wildcard rule allow that.
  • i ensure have write permission individual post, since doing on userid property not allow user write actual post anymore.

Comments

Post a Comment

Popular posts from this blog

python - Selenium remoteWebDriver (& SauceLabs) Firefox moseMoveTo action exception -

while performing simple hover test on firefox through selenium (3.4.0) python bindings (3.4.3) using of available os in saucelabs (except linux, latest available firefox version old), performing following actionchain: hover = actionchains(driver) hover.move_to_element(elm_men_menu).perform() it throws following error: taceback: file [...] in testhover hover.perform() file "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/common/action_chains.py", line 80, in perform action() file "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/common/action_chains.py", line 290, in <lambda> command.move_to, {'element': to_element.id})) file "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 256, in execute self.error_handler.check_response(response) file "/usr/local/lib/python2.7/...
Read more

html - How to custom Bootstrap grid height? -

why bootstrap grid has height 591.067 ? did height came ? .main-post { padding: 20px; background-color: #fff; border: 1px solid #d8d8d8; margin-bottom: 100px; } .main-post .post-categories { margin-bottom: 10px } .main-post h3 { margin: 0 0 10px; color: #777; letter-spacing: -1px; font-weight: bold } .main-post .post-author, .main-post .post-date, .main-post .post-comments { font-size: 12px } .main-post img { display: block; margin: 10px 0; } .main-post .post-summary { line-height: 1.7; color: #888 } .main-post { color: #999 } <div class="col-sm-6"> <div class="main-post"> <h3 class="post-title"> <a href="#"> post title </a> </...
Read more

python - Web scraping, Url jump prevents authorization? -

i've been trying scrape website (www.dearedu.com), specifically, i've been having tremendous amounts of difficulties logging in...having tried find on answered authorization questions on stack exchange. currently, using request sessions log in using following code, cj = cookielib.cookiejar() mysession = requests.session() mysession.headers.update({'user-agent':'mozilla/5.0 (macintosh; intel mac os x 10_11_6) applewebkit/537.36 (khtml, gecko) chrome/59.0.3071.115 safari/537.36'}) data = mysession.get('http://www.dearedu.com/', cookies = cj) data= {'userid': myusername, 'pwd': mypassword, 'fmdo': 'login', 'dopost': 'login', 'keeptime': '604800', 'teshu': 't'} data = mysession.post('http://club.dearedu.com/member/index_do.php', data=data) when code above run correct password , username, following html <head> <tit...
Read more