Fatal编程技术网
  • android/
  • Android Firebase“;“拒绝许可”;但还是写作?

Android Firebase“;“拒绝许可”;但还是写作?

android firebase

Android Firebase“;“拒绝许可”;但还是写作?,android,firebase,firebase-realtime-database,firebase-security,Android,Firebase,Firebase Realtime Database,Firebase Security,我的Firebase应用程序具有以下规则集: { "rules": { "EVENT_TABLE":{ "$id":{ //Explicitly allow for reading of the EVENT_TABLE item data, however specify sub-pieces to be unreadable. ".read":"auth != null", ".write":"auth !=

我的Firebase应用程序具有以下规则集:

{
  "rules": {
    "EVENT_TABLE":{
            "$id":{
        //Explicitly allow for reading of the EVENT_TABLE item data, however specify sub-pieces to be unreadable.
        ".read":"auth != null",
        ".write":"auth != null",
        "allowed_users":{
          "$user_id":{

          }
                },
        "requested_users":{
           ".read":"auth != null",
           ".write":"auth != null"
        }
      }
    },
    "EVENT_TABLE_GEO_MAP":{
      ".read": "auth != null",
      ".write": "auth != null"
    },
    "EVENT_CONFIDENTIALS_TABLE":{
      ".write": "auth != null",
      "$id":{
        ".read": "root.child('EVENT_TABLE/'+$id+'/allowed_users/'+auth.uid).exists()"
      }
    }
  }
}
每当用户尝试将自己添加到EVENT_TABLE对象下的“requested_users”映射时,它会显示“Permission Denied”,但仍然成功写入用户ID

以下是示例数据:

{
  "b216d166-eff2-4947-898c-cef75e32605e" : {
    "allowed_users" : {
      "gEnCx9TIFNNOjExbzEtdIBwB2t62" : 1
    },
    "body" : "ahah",
    "end" : 1490842878378,
    "id" : "b216d166-eff2-4947-898c-cef75e32605e",
    "latitude" : 44.783728,
    "longitude" : -93.2468524,
    "name" : "New Event",
    "owner_id" : "gEnCx9TIFNNOjExbzEtdIBwB2t62",
    "requested_users" : {
      "0G4OMRWeiNScz5KnpkOaDQw9kd02" : 1
    },
    "start" : 1490842876140
  }
}
用户请求将包含其id的新映射写入“requested_users”字段后

此外,以下是我在Android中用来调用write的函数:

  public static void requestToJoinEvent(Event eventRequested, final Activity activityCalling){

        user = FirebaseAuth.getInstance().getCurrentUser();
        if(user!=null){
            retrieveDatabaseReference(EVENT_TABLE);
            eventRequested.getRequested_users().put(user.getUid(),1);
            ref.child(eventRequested.getId()).child("requested_users").setValue(eventRequested.getRequested_users());
            ref.addValueEventListener(new ValueEventListener() {
                @Override
                public void onDataChange(DataSnapshot dataSnapshot) {
                    operationSuccess=true;
                    displayRequestSentMessage(activityCalling);
                }

                @Override
                public void onCancelled(DatabaseError databaseError) {
                    //This returns with a Permission Denied error.
                }
            });
        }else{
            throw new RuntimeException("User is missing!");
        }
    }
为什么它抛出了一个被拒绝的权限错误,但仍然成功地写入了文件?

我也遇到了同样的问题