-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathfirestore.rules
75 lines (55 loc) · 2.49 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
service cloud.firestore {
match /databases/{database}/documents {
match /public/data/sessions/{sessionUrl} {
function isParticipant() {
return request.auth.uid in resource.data.participants;
}
// Allow authorized users to fetch session links
allow read: if isParticipant();
allow list: if isParticipant() && request.query.limit <= 10;
// Writing happens through the Cloud API when creating sessions
// for Access Code & Session URL generation
// allow write: if never --;
}
match /users/{userId} {
// Allow users to read and write to their own profile
allow read: if request.auth.uid == userId;
// TODO: Should any user profile data be written from the client side?
// allow write: if ??;
match /connections/{connectionId} {
// Allow users to read their own connections
allow read: if request.auth.uid == userId;
// Writing happens through the Cloud API for token validation purposes
// allow write: if never --;
match /sessions/{sessionId} {
// Helper function to access session in child rules
function getSessionData() {
return get(/databases/$(database)/documents/users/$(userId)/connections/$(connectionId)/sessions/$(sessionId)).data;
}
// Helper function to access session participants
function getSessionParticipants() {
return get(/databases/$(database)/documents/public/data/sessions/$(getSessionData().sessionCode)).data.participants;
}
// Allow session participants to view session data
allow read: if request.auth.uid in getSessionParticipants();
// TODO: Should any session data be written from the client side?
// allow write: if ??
match /tasks/{taskId} {
// Helper function to validate vote hours
function isVoteValid() {
// -1 = 'not applicable', 0 = 'More info needed', 'value > 0' is estimate
return !math.isNaN(request.resource.data.votes[request.auth.uid]);
}
// Allow session participants to view session tasks
allow read: if request.auth.uid in getSessionParticipants();
// Allow users to register ONLY their OWN votes on tasks
allow update: if request.writeFields.size() == 1 && isVoteValid();
}
}
}
}
match /faqs/{faqId} {
allow read: if request.auth.uid != null;
}
}
}