javascript - Enforce user id for a field in Firebase Database using rules -


i want users able add posts using app. need know made each post client uses

this.firebaseapp.database().ref('posts/').push({         userid, text, timestamp:new date()       });

technically though, modify client , send value userid, need database rule prevent this.

the example user data on firebase site mentions:

{   "rules": {     "users": {       "$user_id": {         // grants write access owner of user account         // uid must match key ($user_id)         ".write": "$user_id === auth.uid"       }     }   } }

i think want .write restriction since posts different dataset, don't want use post key, want refer value being passed in.

here's i've tried allows posts written still:

{   "rules": {     ".read": "auth != null",     ".write": "auth != null",     "posts": {       "userid": {         ".write": "newdata.val() === auth.uid"       }     }   } }

that first code snippet syntactically incorrect. let's assume meant:

this.firebaseapp.database().ref('posts/').push({     userid: userid, text: text, timestamp:new date() });

the rules want are:

{   "rules": {     ".read": "auth != null",     "posts": {       "$postid": {         ".write": "newdata.child('userid').val() === auth.uid"       }     }   } }

the key differences:

  • i removed top-level ".write" rule. permission cascades down: once grant access @ level, cannot take away @ lower level.
  • i added $postid, needed since rule needs apply child noders under /posts. $postid wildcard rule allow that.
  • i ensure have write permission individual post, since doing on userid property not allow user write actual post anymore.

Comments

Post a Comment

Popular posts from this blog

Ansible warning on jinja2 braces on when -

i using code in vars my_var: "{{lookup('env','my_var') | default(true, true)}}" i using like - include: task.yml when: my_var this worked without issue in ansible 2.2 in ansible 2.3 warning this [warning]: when statements should not include jinja2 templating delimiters such {{ }} or {% %}. found: {{lookup('env','my_var') | default(true, true)}} so if use my_var: "lookup('env','my_var') | default(true, true)" , mean remove {{ }} , no warning my_var evaluated true no matter if pass false env variable. works fine in previous code gave how can fix it? the cleanest way set fact instead of using template in variable (it prevent lookup plugin being called multiple times in included tasks - not huge performance gain, cleaner): - set_fact: my_var: "{{lookup('env','my_var') | default(true, true)}}" also mind evaluate true in cases when environment my_var diff...
Read more

Parsing a protocol message from Go by Java -

i write server(go)-client(java) programe, , use protobuf communication. define proto file , share between server , client. in server side: compile shared proto file go protoc serialize object proto.marshal send client make request service in client side: compile shared proto file java protoc get bytes transferred via http deserialize bytes object. here following error: "com.google.protobuf.invalidprotocolbufferexception: while parsing protocol message, input ended unexpectedly in middle of field. mean either input has been truncated or embedded message misreported own length." i confirmed http work fine , value of bytes received in client side same bytes send server. have same problem on this? here proto file syntax = "proto3"; package tutorial; message person { string name = 1; int32 id = 2; string email = 3; enum phonetype { mobile = 0; home = 1; work = 2; } message phonenumber { ...
Read more

html - How to custom Bootstrap grid height? -

why bootstrap grid has height 591.067 ? did height came ? .main-post { padding: 20px; background-color: #fff; border: 1px solid #d8d8d8; margin-bottom: 100px; } .main-post .post-categories { margin-bottom: 10px } .main-post h3 { margin: 0 0 10px; color: #777; letter-spacing: -1px; font-weight: bold } .main-post .post-author, .main-post .post-date, .main-post .post-comments { font-size: 12px } .main-post img { display: block; margin: 10px 0; } .main-post .post-summary { line-height: 1.7; color: #888 } .main-post { color: #999 } <div class="col-sm-6"> <div class="main-post"> <h3 class="post-title"> <a href="#"> post title </a> </...
Read more