Android Firebase“;“拒绝许可”;但还是写作?
我的Firebase应用程序具有以下规则集:Android Firebase“;“拒绝许可”;但还是写作?,android,firebase,firebase-realtime-database,firebase-security,Android,Firebase,Firebase Realtime Database,Firebase Security,我的Firebase应用程序具有以下规则集: { "rules": { "EVENT_TABLE":{ "$id":{ //Explicitly allow for reading of the EVENT_TABLE item data, however specify sub-pieces to be unreadable. ".read":"auth != null", ".write":"auth !=
{
"rules": {
"EVENT_TABLE":{
"$id":{
//Explicitly allow for reading of the EVENT_TABLE item data, however specify sub-pieces to be unreadable.
".read":"auth != null",
".write":"auth != null",
"allowed_users":{
"$user_id":{
}
},
"requested_users":{
".read":"auth != null",
".write":"auth != null"
}
}
},
"EVENT_TABLE_GEO_MAP":{
".read": "auth != null",
".write": "auth != null"
},
"EVENT_CONFIDENTIALS_TABLE":{
".write": "auth != null",
"$id":{
".read": "root.child('EVENT_TABLE/'+$id+'/allowed_users/'+auth.uid).exists()"
}
}
}
}
每当用户尝试将自己添加到EVENT_TABLE对象下的“requested_users”映射时,它会显示“Permission Denied”,但仍然成功写入用户ID
以下是示例数据:
{
"b216d166-eff2-4947-898c-cef75e32605e" : {
"allowed_users" : {
"gEnCx9TIFNNOjExbzEtdIBwB2t62" : 1
},
"body" : "ahah",
"end" : 1490842878378,
"id" : "b216d166-eff2-4947-898c-cef75e32605e",
"latitude" : 44.783728,
"longitude" : -93.2468524,
"name" : "New Event",
"owner_id" : "gEnCx9TIFNNOjExbzEtdIBwB2t62",
"requested_users" : {
"0G4OMRWeiNScz5KnpkOaDQw9kd02" : 1
},
"start" : 1490842876140
}
}
用户请求将包含其id的新映射写入“requested_users”字段后
此外,以下是我在Android中用来调用write的函数:
public static void requestToJoinEvent(Event eventRequested, final Activity activityCalling){
user = FirebaseAuth.getInstance().getCurrentUser();
if(user!=null){
retrieveDatabaseReference(EVENT_TABLE);
eventRequested.getRequested_users().put(user.getUid(),1);
ref.child(eventRequested.getId()).child("requested_users").setValue(eventRequested.getRequested_users());
ref.addValueEventListener(new ValueEventListener() {
@Override
public void onDataChange(DataSnapshot dataSnapshot) {
operationSuccess=true;
displayRequestSentMessage(activityCalling);
}
@Override
public void onCancelled(DatabaseError databaseError) {
//This returns with a Permission Denied error.
}
});
}else{
throw new RuntimeException("User is missing!");
}
}
为什么它抛出了一个被拒绝的权限错误,但仍然成功地写入了文件?我也遇到了同样的问题