-
Notifications
You must be signed in to change notification settings - Fork 0
/
firestore.rules
47 lines (43 loc) · 2.01 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
match /presentations/{presentation} {
allow read: if true;
allow create: if request.auth != null
// TODO: should this be aligned with all the possible fields?
&& request.resource.data.keys().hasAll(['uid', 'created', 'username', 'pages', 'notes', 'title', 'twitterHandle'])
&& request.resource.data.keys().hasOnly(['uid', 'created', 'username', 'pages', 'notes', 'title', 'twitterHandle'])
&& request.auth.uid == request.resource.data.uid;
allow update: if request.auth != null
&& request.auth.uid == resource.data.uid
&& request.resource.data.diff(resource.data).affectedKeys().hasOnly(['original', 'pages', 'rendered', 'title', 'notes', 'username', 'twitterHandle']);
allow delete: if request.auth != null
&& request.auth.uid == resource.data.uid;
}
match /users/{userId} {
allow write: if request.auth != null && request.auth.uid == userId
&& request.resource.data.keys().hasAll(['username', 'twitterHandle'])
&& request.resource.data.keys().hasOnly(['username', 'twitterHandle']);
allow read: if request.auth != null && request.auth.uid == userId;
}
match /sessions/{sessionId} {
// TODO: anyone can create a session, but it should contain a uid
// Then only the user with the matching uid can update it.
// Need to test that logic
allow create, update: if
// request.auth != null
request.resource.data.keys().hasAll(['slideIndex', 'ttl'])
&& request.resource.data.keys().hasOnly(['slideIndex', 'ttl']);
allow read: if true;
}
match /sessions/{sessionId}/reactions/{reactionId} {
allow create: if
request.resource.data.keys().hasAll(['reaction', 'ttl', 'created'])
&& request.resource.data.keys().hasOnly(['reaction', 'ttl', 'created']);
allow read: if true;
}
}
}