admin管理员组文章数量:1399991
My firebase structure likes:
"ROOT": {
"Group": {
"User": {
"Name": "",
"Email": "",
"Gender": "",
"Mobile": "",
"Time": ""
}
}
}
My question is, how can I prevent user from running ref.remove() directly from client browser inspector which will delete all data without any prompt?
I want to allow client script to run firebase operations like
- add/update data to /ROOT/, I mean, adding more "Group" child node, like Group2, Group3..., but can't delete this node.
- and add data under /ROOT/Group/, as well as update and delete
How to setup the security rules? Thanks.
My firebase structure likes:
"ROOT": {
"Group": {
"User": {
"Name": "",
"Email": "",
"Gender": "",
"Mobile": "",
"Time": ""
}
}
}
My question is, how can I prevent user from running ref.remove() directly from client browser inspector which will delete all data without any prompt?
I want to allow client script to run firebase operations like
- add/update data to /ROOT/, I mean, adding more "Group" child node, like Group2, Group3..., but can't delete this node.
- and add data under /ROOT/Group/, as well as update and delete
How to setup the security rules? Thanks.
Share Improve this question edited May 15, 2016 at 2:21 Frank van Puffelen 601k85 gold badges890 silver badges860 bronze badges asked Nov 23, 2015 at 14:21 POPOEVERPOPOEVER 331 silver badge5 bronze badges 2- @Shilly, I doesn't matter if the ref is in the browser scope. Anyone can create a Firebase ref and call remove. You could also just send an HTTP delete request to root. You need to have server side security. – David East Commented Nov 23, 2015 at 15:25
- Ok then, thanks for the explanation. (post-delete :) ) – Shilly Commented Nov 23, 2015 at 15:26
2 Answers
Reset to default 6Check out Bolt!
Bolt is a schema validation tool for Firebase.
So you could define your Group and User schema and then write rules to make sure no one who isn't authorized can delete it.
type User {
Name: String;
Email: String;
Gender: String;
Mobile: String;
Time: Number;
}
path /group/$groupid {
read() = true;
write() = this != null; // don't delete existing data
}
path /group/$groupid/user/$uid is User {
read() = true;
write() = this != null; // don't delete existing data
}
Now you just need to generate the security rules from the mand-line, or upload them using the Firebase CLI. Bolt doesn't have support in the dashboard just yet. You can also copy and paste the generated rules into the dashboard if needed as well.
Some other helpful Bolt functions you can use:
path /create { write() { create(this) } }
path /update { write() { update(this) } }
path /delete { write() { delete(this) } }
path /create-or-update { write() { create(this) || update(this) }}
create(ref) { prior(ref) == null }
update(ref) { prior(ref) != null && ref != null }
delete(ref) { prior(ref) != null && ref == null }
See this sample file and it's tests.
本文标签: javascriptHow to set security rules to prevent delete data in firebaseStack Overflow
版权声明:本文标题:javascript - How to set security rules to prevent delete data in firebase? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744182526a2594133.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论