rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write: if false; } match /presentations/{presentation} { allow read: if true; allow create: if request.auth != null // TODO: should this be aligned with all the possible fields? && request.resource.data.keys().hasAll(['uid', 'created', 'username', 'pages', 'notes', 'title', 'twitterHandle']) && request.resource.data.keys().hasOnly(['uid', 'created', 'username', 'pages', 'notes', 'title', 'twitterHandle']) && request.auth.uid == request.resource.data.uid; allow update: if request.auth != null && request.auth.uid == resource.data.uid && request.resource.data.diff(resource.data).affectedKeys().hasOnly(['original', 'pages', 'rendered', 'title', 'notes', 'username', 'twitterHandle']); allow delete: if request.auth != null && request.auth.uid == resource.data.uid; } match /users/{userId} { allow write: if request.auth != null && request.auth.uid == userId && request.resource.data.keys().hasAll(['username', 'twitterHandle']) && request.resource.data.keys().hasOnly(['username', 'twitterHandle']); allow read: if request.auth != null && request.auth.uid == userId; } match /sessions/{sessionId} { // TODO: anyone can create a session, but it should contain a uid // Then only the user with the matching uid can update it. // Need to test that logic allow create, update: if // request.auth != null request.resource.data.keys().hasAll(['slideIndex', 'ttl']) && request.resource.data.keys().hasOnly(['slideIndex', 'ttl']); allow read: if true; } match /sessions/{sessionId}/reactions/{reactionId} { allow create: if request.resource.data.keys().hasAll(['reaction', 'ttl', 'created']) && request.resource.data.keys().hasOnly(['reaction', 'ttl', 'created']); allow read: if true; } } }