{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 仙女界的扛把子 的问题《firebase rules not working》','https://www.manongdao.com/q-249039.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm following the Firebase security tutorial.
I have this simple structure:
- requests
- request_id: {...}
- request_id: {...}
...
And my security rules:
{
"rules": {
"requests": {
".indexOn": ["id_company_owner", "id_app_user"],
"$request_id": {
// only request from the last ten minutes can be read
".read": "data.child('timestamp').val() > (now - 600000)",
}
}
}
}
All I want right now with my rule is to make my request readable. But I've to this inside (not outside) of $request_id, but no request is being readable; even if the request have the timestamp with less than 10 minutes ago. Can someone explain why?
It's hard to tell without looking at the actual data, but Firebase security rules are all-or-nothing. Firebase security rules do not filter data.
That is, if you attempted to attach a listener to
/requests, and even a single item is not allowed to be read due to a security rule, none of them can be read. You'll need to listen for individual items, or restructure your data, to accomplish this "filtering" behavior.