我的数据库设置如下:>
workers: { worker1ID: { employerId: '-1' ownerId: 'asdafnb13214' name: Tony etc... } }, companies: { company1ID: { ownerId: 'LPqNASKAN2342as' companyName: Good Company employeeIDs: { worker25Id, worker26Id } etc... } }[作为公司,我正在尝试使用workerId将员工添加到公司中。我目前写给工人篮子的规则是...
"rules": { "workers": { ".read": "auth != null", "$worker": { ".write": //allow write if authenticated AND "auth !== null && //node doesn't exist OR (it exists AND the authenticated user is the worker) (!data.exists() || data.child('employerId').val() === auth.uid) || //OR the authenticated user is the company that is trying to add the worker to their company (root.child('companies').child('$company').child('ownerId').val() === auth.uid)" } } }验证的第三行不起作用。我知道使用通配符
$company是一个问题,因为当我对company1ID进行硬编码时,我能够编辑employerId的worker1ID
如何搜索所有公司中ownerId === auth.uid的公司。如果这不可能,则在我的fetch()函数中可以使用companyId。有没有一种方法可以通过类似于?auth=${token}的url发送此companyID,以便我可以将其插入规则中。
我的数据库设置看起来像这样:worker:{worker1ID:{雇主ID:'-1'ownerId:'asdafnb13214'名称:Tony等...}},公司:{company1ID:{...