【发布时间】:2015-05-21 15:04:15
【问题描述】:
假设我有一个这样的数据结构:
{
"users" : {
"google:1234567890" : {
"displayName" : "Username A",
"provider" : "google",
"provider_id" : "1234567890"
}, ...
},
"todos" : {
"google:1234567890" : {
"rec_id1" : {
"todo" : "Walk the dog"
},
"rec_id2" : {
"todo" : "Buy milk"
},
"rec_id3" : {
"todo" : "Win a gold medal in the Olympics"
}, ...
}, ...
}
}
然后我只允许用户使用以下安全规则写入/读取自己的数据:
{
"rules": {
"users": {
"$uid": {
// grants write and read access to the owner of this user account whose uid must exactly match the key ($uid)
".write": "auth !== null && auth.uid === $uid",
".read": "auth !== null && auth.uid === $uid"
}
},
"todos": {
"$uid": {
// grants write and read access to the owner of this user account whose uid must exactly match the key ($uid)
".write": "auth !== null && auth.uid === $uid",
".read": "auth !== null && auth.uid === $uid"
}
}
}
}
如果用户想要将 Authentication Provider 更改为例如从 Google 更改为 Facebook,会发生什么情况,因为这也会更改他们的 auth.uid - 有没有办法在用户无法访问之前的数据的情况下完成此操作?
【问题讨论】:
标签: android json data-structures firebase firebase-security