火力地堡安全寫入規則

Question

因此，這裏是到目前爲止我的安全結構：

{ 
    "rules": 
    { 
     "users": 
     { 
      "$user": 
      { 
       ".read": true, 
       "Age": 
       { 
        ".write": "$user === auth.uid", 
        ".validate": "newData.isNumber()" 
       }, 
       "Name": 
       { 
        ".write": "$user === auth.uid", 
        ".validate": "newData.isString()" 
       }, 
       "friends": 
       { 
        "$friend": 
        { 
         "Age": 
         { 
          ".write": "$user === auth.uid || $friend === auth.uid", 
          ".validate": "newData.isString()" 
         }, 
         "Name": 
         { 
          ".write": "$user === auth.uid || $friend === auth.uid", 
          ".validate": "newData.isNumber()" 
         } 
        } 
       } 
      } 
     } 
    } 
} 

現在，當我試圖寫「$用戶」給用戶，我有以下錯誤：

Attempt to write Success({"42":{"Age":42,"Name":"Nick","friends":{"11":{"Age":11,"Name":"Rob"}}}}) to /users with auth=Success({"id":42,"provider":"anonymous","uid":"anonymous:42"}) 
/
/users 

No .write rule allowed the operation. 
Write was denied. 

當我設置.write規則的用戶，那麼所有的寫操作規則將被改寫。我需要指定$user的所有特徵只能寫成$user，但$friend可以寫成$friend和$user。當我推送用戶時，我會將其推送給朋友，但之後我需要朋友能夠在不同的用戶路徑上更改他們的數據。你有什麼想法？

謝謝！

Answer 1

好吧，所以我玩了一些規則，並決定把孩子的書寫規則納入驗證，它的工作原理非常棒。這裏是我的最終代碼：

{ 
"rules": 
{ 
    "users": 
    { 
     "$user": 
     { 
      ".read": true, 
      ".write": "$user === auth.uid", 
      "Age": 
      { 
       ".validate": "newData.isNumber()" 
      }, 
      "Name": 
      { 
       ".validate": "newData.isString()" 
      }, 
      "friends": 
      { 
       "$friend": 
       { 
        "Age": 
        { 
         ".validate": "newData.isString() && ($user === auth.uid || $friend === auth.uid)" 
        }, 
        "Name": 
        { 
         ".validate": "newData.isNumber() && ($user === auth.uid || $friend === auth.uid)" 
        } 
       } 
      } 
     } 
    } 
} 
}