The DB Schema is configured in the cloud database as follows:
{
  "bsonType": "object",
  "required": [
    "title"
  ],
  "permission": {
    "read": true,
    "create": true,
    "update": "doc.uid == auth.uid",
    "delete": "doc.uid == auth.uid"
  },
  "properties": {
    "_id": {
      "description": "ID,系统自动生成"
    },
    "uid": {
      "forceDefaultValue": {
        "$env": "uid"
      },
      "foreignKey": "uni-id-users._id",
      "permission": {
        "read": true,
        "create": false,
        "update": false,
        "delete": false
      },
      "description": "用户ID"
    },
    "updated_at": {
      "forceDefaultValue": {
        "$env": "now"
      },
      "description": "数据更新时间"
    },
    "ip_address": {
      "permission": {
        "read": false,
        "write": false
      },
      "forceDefaultValue": {
        "$env": "clientIP"
      },
      "description": "数据更新时间"
    },
    "created_at": {
      "bsonType": "int",
      "permission": {
        "read": true,
        "create": false,
        "update": false,
        "delete": false
      },
      "forceDefaultValue": {
        "$env": "now"
      },
      "description": "数据发布时间"
    },
    "title": {
      "bsonType": "string",
      "description": "标题"
    }
  }
}
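When querying data from the front end with clientDB, the value of the ip_address field is returned normally; it is not withheld even though read:false is set in its permission.
This is a serious security problem; I hope the official team fixes it as soon as possible.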
Bump
Bump
Bump
Bumping
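A regression check for the behaviour reported above, as an added example that is not part of the original post or of uniCloud: it lists the schema fields whose permission sets read to false and flags any that appear in records returned to the client. The function names and the sample records are assumptions constructed for illustration.

```javascript
// Added example, not uniCloud code. Schema layout follows the post above.

// Collect the names of properties whose field-level permission sets read to
// the literal false (the case from the post). String permission expressions
// are skipped because they need a request context to evaluate.
function readDeniedFields(schema) {
  const denied = [];
  for (const [name, def] of Object.entries(schema.properties || {})) {
    const perm = def && def.permission;
    if (perm && perm.read === false) denied.push(name);
  }
  return denied;
}

// Return one finding per (record, field) where a read-denied field is present
// in data that reached the client. Presence is the leak, even if the value is null.
function findLeaks(schema, records) {
  const denied = readDeniedFields(schema);
  const findings = [];
  records.forEach((rec, index) => {
    for (const field of denied) {
      if (Object.prototype.hasOwnProperty.call(rec, field)) {
        findings.push({ index, id: rec._id, field });
      }
    }
  });
  return findings;
}

// Trimmed copy of the schema from the post (only the parts the check reads).
const schema = {
  permission: { read: true, create: true },
  properties: {
    uid: { permission: { read: true } },
    ip_address: { permission: { read: false, write: false } },
    title: { bsonType: "string" }
  }
};

// Constructed sample records standing in for a clientDB query result.
const leaky = [
  { _id: "a1", title: "t1", uid: "u1", ip_address: "192.0.2.10" },
  { _id: "a2", title: "t2", uid: "u2" }
];
const clean = leaky.map(({ ip_address, ...rest }) => rest);

console.log("leaky result:", findLeaks(schema, leaky));
console.log("clean result:", findLeaks(schema, clean));
```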
5 comments
3***@qq.com (author)
DCloud_uniCloud_WYQ
DCloud_uniCloud_WYQ
3***@qq.com (author)
DCloud_uniCloud_WYQ