query.startAt database rule: permission denied

Time: 2019-12-21 08:02:52

Tags: javascript firebase firebase-realtime-database firebase-security

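It seems that the query.startAt rule is broken, or I don't understand it. Can someone confirm? Here is a minimal reproducible error. Live example; use CTRL + SHIFT + i to open the Chrome console. GitHub repo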

database.rules.json:

{
 "rules":{
  ".read": "query.startAt>0",
  ".write": false
 }
}

index.html

<!DOCTYPE html>
<html>
<body>
 <script src="/__/firebase/7.6.1/firebase-app.js"></script>
 <script src="/__/firebase/7.6.1/firebase-database.js"></script>
 <script src="/__/firebase/init.js"></script>
 <script>
  function init(){
   firebase.database.enableLogging(true);
   const db=firebase.database();
   const qry=db.ref("/").orderByChild('time').startAt(3);
   //logging shows permission denied on next line
   qry.once('value',s=>console.log("snapshot",s.val()));
  }

  init();
 </script>
</body>
</html>

Database contents:

database contents

The Chrome browser console output shows permission denied:

...snip...
@firebase/database: p:0: Listen on / for {"i":"time","sp":3} 
@firebase/database: p:0: {"r":2,"a":"q","b":{"p":"/","q":{"sp":3,"i":"time"},"t":1,"h":""}} 
...snip...
@firebase/database: p:0: from server: {"r":2,"b":{"s":"permission_denied","d":"Permission denied"}} 
@firebase/database: p:0: listen response {"s":"permission_denied","d":"Permission denied"} 
@firebase/database: event: /:cancel

If database.rules.json is changed to:

{
 "rules":{
  ".read": true,
  ".write": false
 }
}

the permission denied on the listen disappears from the browser console:

...snip...
@firebase/database: p:0: Listen on / for {"i":"time","sp":3} 
@firebase/database: p:0: {"r":2,"a":"q","b":{"p":"/","q":{"sp":3,"i":"time"},"t":1,"h":""}} 
...snip...
@firebase/database: p:0: handleServerMessage d {"p":"","d":{"msg1":{"time":11}}} 
@firebase/database: event: /:value:{"msg1":{"time":11}} 
01:45:21.044 (index):13 snapshot {"msg1":{"time":11}}
@firebase/database: p:0: from server: {"r":2,"b":{"s":"ok","d":{"w":["no_index"]}}} 
...snip...

This was reduced from a larger application, where it showed up with logged-in users.
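An added example, not part of the original post: a JavaScript helper that pairs each listen request in the `enableLogging` output above with the server reply carrying the same `"r"` id, so a denied query is reported together with the `startAt` value it sent. The field readings (`"a":"q"` as a listen, `q.sp` as startAt, `q.i` as the orderBy child) are inferred from the log lines in the question, and the function name is hypothetical.

```javascript
// Sample lines copied from the two console outputs in the question.
const DENIED_RUN = [
  '@firebase/database: p:0: Listen on / for {"i":"time","sp":3} ',
  '@firebase/database: p:0: {"r":2,"a":"q","b":{"p":"/","q":{"sp":3,"i":"time"},"t":1,"h":""}} ',
  '@firebase/database: p:0: from server: {"r":2,"b":{"s":"permission_denied","d":"Permission denied"}} ',
  '@firebase/database: event: /:cancel',
];
const ALLOWED_RUN = [
  '@firebase/database: p:0: {"r":2,"a":"q","b":{"p":"/","q":{"sp":3,"i":"time"},"t":1,"h":""}} ',
  '@firebase/database: p:0: handleServerMessage d {"p":"","d":{"msg1":{"time":11}}} ',
  '01:45:21.044 (index):13 snapshot {"msg1":{"time":11}}',
  '@firebase/database: p:0: from server: {"r":2,"b":{"s":"ok","d":{"w":["no_index"]}}} ',
];

// Matches only the raw request line and the "from server:" reply line.
const WIRE = /^@firebase\/database: p:\d+: (from server: )?(\{.*\})\s*$/;

// Pair each outgoing listen ("a":"q") with the reply that has the same "r".
function correlateListens(lines) {
  const pending = new Map();
  const results = [];
  for (const line of lines) {
    const m = WIRE.exec(line);
    if (!m) continue; // event lines, app output, "...snip..."
    let msg;
    try { msg = JSON.parse(m[2]); } catch { continue; }
    if (typeof msg.r !== 'number' || !msg.b) continue;
    if (!m[1] && msg.a === 'q') {
      pending.set(msg.r, { path: msg.b.p, query: msg.b.q || {} });
    } else if (m[1] && pending.has(msg.r)) {
      const req = pending.get(msg.r);
      pending.delete(msg.r);
      results.push({
        path: req.path,
        orderBy: req.query.i,
        startAt: req.query.sp,
        startAtType: typeof req.query.sp, // JS type of the value as sent
        status: msg.b.s,
        warnings: (msg.b.d && msg.b.d.w) || [],
      });
    }
  }
  return results;
}
```

Running it over both captures shows the same request (`startAt` 3 on `time` at `/`) ending in `permission_denied` under the `query.startAt>0` rule and in `ok` with a `no_index` warning under `".read": true`.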

1 answer:

Answer 0: (score: 2)

firebaser here

I can reproduce this problem, and as far as I can tell your rules look fine.

In my tests, when using … the rules correctly allow the read, but when using query.startAt == 3> the rules reject the read operation.

Can you file a bug report so we can see whether this is a bug in the rules module, or whether we are both missing something about your rules?


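Update: the problem seems to come from a misinterpretation of types in the rules engine. For example, it works when you make sure all numbers are floating-point: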

>=

And:

".read": "query.startAt > 0.5",

Note that this is just part of the troubleshooting; although it may let you work around the problem for now, it is not meant to be a solution.