javascript - Firebase: restrict a child's write access to browser session that created it -
how can restrict write access object's property in firebase browser session created using ref.push()? want clients have read access children of /buttonclicksbybrowsersession in security rules below, , want clients able force kid /buttonclicksbybrowsersession , edit it, want edits kid disallowed after browser refresh.
my firebase security rules:
{ "rules": { ".read": false, ".write": false, "buttonclicksbybrowsersession": { ".read": true, "$autogeneratedid": { ".write": "newdata.isnumber() && (data.val() == null && newdata.val() === 1 || newdata.val() - data.val() === 1") } } } } my js:
var fbref = new firebase('https://fbkey.firebaseio.com/buttonclicksbybrowsersession'); var numclicksref = fbref.push(); var numclicks = 0; button.addeventlistener('click', function() { numclicksref.set(++numclicks); });
utilize anonymous login, allows assign users per-session, unique id can used in security rules.
var fb = new firebase(url); var auth = new firebasesimplelogin(fb, function(err, user) { if( err ) throw err; if( user ) init(user); }); function init(user) { fb.child('buttonclicksbybrowsersession/'+user.uid).transaction(function(currvalue) { homecoming (currvalue||0)+1; }); } auth.login('anonymous', {rememberme: false}); security rules:
"buttonclicksbybrowsersession": { ".read": true, "$autogeneratedid": { ".write": "auth.uid === $autogeneratedid", ".validate": "newdata.isnumber() && newdata.val() === (data.val()||0)+1" } } javascript firebase firebase-security
No comments:
Post a Comment