问题描述
给出以下firebase实时数据库架构:
{
"Organizations": {
"A": {
"name": "org a","users": {
"1": true,"2": true,"3": true
},"owners": {
"1": true,}
},"B": {
"name": "org B","users": {
"2": true,"owners": {
"2": true,"C": {
"name": "org C","owners": {
"3": true
}
}
},"Users": {
"1": {
"name": "sean","organizations": {
"A": true,"C": true
}
},"2": {
"name": "sean","B": true,"3": {
"name": "sean","avatar": "some image url","email": "example@com.com"
"organizations": {
"A": true,"C": true
}
}
}
}
使用实时数据库规则,如何允许组织的所有所有者查看组织的用户对象中所有用户的所有用户数据。
换句话说,目标是:通过RTB连接将组织的每个用户的所有数据(名称,电子邮件,头像....)列出给所有者。
我似乎无法辨别如何格式化子规则,数据规则,子规则等.write或.read规则来构造规则集来完成此任务。感谢您的帮助。
解决方法
要允许该组织的所有者阅读/Organizations/$orgId/users
,您需要遵守以下规则:
{
"rules": {
"Organizations": {
"$orgId": {
"users": {
".read": "data.parent().child('owners').child(auth.uid).exists()"
}
}
}
}
}