service cloud.firestore {
match /databases/{database}/documents {
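// True if the caller is signed in and admins/{uid} exists with a boolean `isAdmin: true`.
// Costs one get() per evaluation. Because /admins/{userId} is itself only readable and
// writable by admins, the first admin document has to be created with the console or the
// Admin SDK (both bypass these rules).
function isAdmin() {
  // Guard request.auth first: for unauthenticated requests it is null, and dereferencing
  // request.auth.uid is an evaluation error rather than a clean false.
  // `== true` requires a real boolean instead of relying on && to reject other types.
  return request.auth != null
    && get(/databases/$(database)/documents/admins/$(request.auth.uid)).data.isAdmin == true;
}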
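// True if the caller's uid equals userId (the document is keyed by its owner's uid).
// Returns false, rather than erroring, for unauthenticated requests.
function isOwner(userId) {
  return request.auth != null && request.auth.uid == userId;
}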
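// True if the request carries a Firebase Auth identity.
// `request.auth != null` is the documented check; testing request.auth.uid alone
// dereferences null for anonymous requests. Also terminates the statement with `;`.
function isAuthed() {
  return request.auth != null && request.auth.uid != null;
}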
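// True if the caller's uid equals owner.uid on teams/{teamId}.
// Costs one get() per evaluation; rules that combine this with isAdmin() and isInvited()
// spend several document reads on a single request, so keep the combined count in mind.
function isTeamOwner(teamId) {
  return request.auth != null
    && request.auth.uid == get(/databases/$(database)/documents/teams/$(teamId)).data.owner.uid;
}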
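// True if teams/{teamId}/members/{callerUid} exists.
// Membership is proven only by document existence; the member document's contents are not consulted.
function isTeamMember(teamId) {
  return request.auth != null
    && exists(/databases/$(database)/documents/teams/$(teamId)/members/$(request.auth.uid));
}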
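// True if invitations/{callerEmailLowerCased}/teams/{teamId} exists.
// NOTE(review): the lookup key is request.auth.token.email.lower(), while the read rule on
// /invitations/{email} compares the raw token e-mail; confirm that invitation writers use
// lower-cased keys, otherwise one of the two paths misses mixed-case addresses.
// Assumes the identity has an e-mail claim; providers without one make this an error.
function isInvited(teamId) {
  return request.auth != null
    && exists(/databases/$(database)/documents/invitations/$(request.auth.token.email.lower())/teams/$(teamId));
}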
// Invitation documents keyed by the invitee's e-mail address, one team per subcollection doc.
match /invitations/{email} {
  // Read: the invitee (exact, case-sensitive match on the token e-mail) or an admin.
  // NOTE(review): isInvited() looks these documents up under request.auth.token.email.lower();
  // a mixed-case token e-mail can satisfy one path and fail the other depending on how keys are written.
  allow read: if (isAuthed() && request.auth.token.email == email) || isAdmin();
  // Write: any signed-in user. Nothing ties the writer to the team or to the invitee's address,
  // and teams/{teamId}/members create accepts isInvited(teamId), so this is the weakest link in
  // team membership — consider isAdmin() || isTeamOwner(teamId) on the subcollection plus
  // validation of request.resource.data.
  allow write: if isAuthed();
  match /teams/{teamId} {
    allow read: if (isAuthed() && request.auth.token.email == email) || isAdmin();
    allow write: if isAuthed();
  }
}
// Per-user inbox: the parent document is keyed by the recipient's uid,
// individual messages live in the nested /messages subcollection.
match /messages/{userId} {
  allow read: if isAdmin() || (isAuthed() && isOwner(userId));
  // NOTE(review): any signed-in user may write the parent document of any user;
  // no clause relates the writer to userId.
  allow write: if isAuthed();
  match /messages/{messageId} {
    // Recipient, the sender recorded on the stored document, or an admin.
    // The sender clause has no isAuthed() guard: with request.auth null the comparison
    // is an evaluation error rather than false.
    allow read, delete, update: if (isAuthed() && isOwner(userId)) || resource.data.sender.uid == request.auth.uid || isAdmin();
    // Create: any signed-in user. request.resource.data.sender.uid is not checked against the
    // caller, so the stored sender is whatever the client wrote — consider validating it.
    allow create: if isAuthed();
  }
}
// User profiles keyed by uid.
match /profiles/{userId} {
  allow read: if isAuthed();
  allow write: if isOwner(userId) || isAdmin();
  // NOTE(review): the invitations, requests and messages subcollections below are readable and
  // writable by anyone, including unauthenticated requests, with no content validation.
  match /invitations/{teamId} {
    allow read, write: if true;
  }
  match /requests/{teamId} {
    allow read, write: if true;
  }
  match /teams/{teamId} {
    allow read: if true;
    // Same condition for every mutation: the profile owner, the owner of the referenced team
    // (one get() on teams/{teamId}), or an admin.
    allow create, update, delete: if isOwner(userId) || isTeamOwner(teamId) || isAdmin();
  }
  match /messages/{messageId} {
    allow read, write: if true;
  }
}
// Teams, with members, messages, invitations and join requests as subcollections.
match /teams/{teamId} {
  // Create: any signed-in user. request.resource.data.owner.uid is not compared with the
  // caller, so a new team may name someone else as owner — consider pinning it.
  allow read, create: if isAuthed();
  // Owner recorded on the existing document, or an admin. No field validation on update,
  // so the stored owner.uid can be changed by the current owner — confirm that is intended.
  allow delete, update: if resource.data.owner.uid == request.auth.uid || isAdmin();
  match /messages/{messageId} {
    allow read, create: if isAuthed() && isTeamMember(teamId);
    allow delete, update: if (isAuthed() && isTeamMember(teamId) && resource.data.sender.uid == request.auth.uid) || isAdmin();
  }
  match /members/{uid} {
    allow read: if isAuthed();
    allow delete: if isTeamOwner(teamId) || isOwner(uid) || isAdmin();
    // Join: team owner, admin, or an invitation exists for the caller's e-mail.
    // The invited branch does not require uid == request.auth.uid, so an invited caller can
    // create a member document under another uid — consider `(isInvited(teamId) && isOwner(uid))`.
    allow create: if isTeamOwner(teamId) || isAdmin() || isInvited(teamId);
  }
  // NOTE(review): both subcollections below are open to everyone, unauthenticated included.
  match /invitations/{email} {
    allow read, write: if true;
  }
  match /requests/{uid} {
    allow read, write: if true;
  }
}
// Reference data: public read, admin-only write.
match /towns/{townId} {
  allow read: if true;
  allow write: if isAdmin();
}
// Trash drop reports: public read; any signed-in user may create, update or delete any report.
// NOTE(review): no ownership check and no validation of request.resource.data.
match /trashDrops/{dropId} {
  allow read: if true;
  allow write: if isAuthed();
}
// Admin allow-list consulted by isAdmin(); only admins can read or change it.
match /admins/{userId} {
  allow read, write: if isAdmin();
}
// Event information: public read, admin-only write.
match /eventInfo/{id} {
  allow read: if true;
  allow write: if isAdmin();
}
// NOTE(review): fully open — anyone, signed in or not, can read, create, modify or delete sites.
match /trashCollectionSites/{id} {
  allow read, write: if true;
}
// NOTE(review): fully open — anyone, signed in or not, can read, create, modify or delete sites.
match /supplyDistributionSites/{id} {
  allow read, write: if true;
}
// NOTE(review): fully open — anyone, signed in or not, can read, create, modify or delete entries.
match /celebrations/{id} {
  allow read, write: if true;
}
// Announcements: public read, admin-only write.
match /updates/{id} {
  allow read: if true;
  allow write: if isAdmin();
}
}
}