rules.json
{
// Firechat sample security rules (Firebase Realtime Database rules syntax).
// Reading notes for the whole file:
//  - ".read" / ".write" grants cascade: once a rule at a shallower path grants access,
//    a rule at a deeper path cannot take it away again.
//  - ".validate" does not cascade and is not evaluated when data is deleted.
//  - Rule expressions can look up any path through root.child(...), independent of
//    the ".read" rule on that path.
"rules": {
// Default deny: nothing is readable or writable unless a rule below grants it.
".read": false,
".write": false,
"room-metadata": {
// Readable by every client, signed in or not. Because read cascades, this covers
// each room's name, type and authorizedUsers list, private rooms included.
".read": true,
"$roomId": {
// Any signed-in user may create a room that does not exist yet; afterwards only a
// moderator or the user recorded in createdByUserId may change or remove it.
// This grant cascades to every child of the room, including authorizedUsers.
".write": "(auth != null) && (!data.exists() || root.child('moderators').hasChild(auth.uid) || data.child('createdByUserId').val() === auth.uid)",
// Only 'name' and 'type' are required; createdByUserId is optional here.
".validate": "newData.hasChildren(['name','type'])",
"id": {
// When present, the stored id must equal the room's key.
".validate": "(newData.val() === $roomId)"
},
"createdByUserId": {
// When present, must be the uid of the user performing the write.
".validate": "(auth.uid === newData.val())"
},
"numUsers": {
".validate": "(newData.isNumber())"
},
"type": {
// 'public' and 'private' are open to any writer; 'official' requires a moderator.
".validate": "('public' === newData.val()) || 'private' === newData.val() || ('official' === newData.val() && (root.child('moderators').hasChild(auth.uid)))"
},
// A list of users that may read messages from this room.
"authorizedUsers": {
// Writable by a signed-in user when the list does not exist yet, by moderators, and
// by anyone already on the list.
// NOTE(review): the !data.exists() branch lets any signed-in user create the list
// for a private room whose creator has not populated it, and an existing member can
// replace the whole list (add or drop other users). There is no per-entry rule or
// ".validate" here; confirm this matches the intended invite flow.
".write": "(auth != null) && (!data.exists() || root.child('moderators').hasChild(auth.uid) || data.hasChild(auth.uid))"
}
}
},
"room-messages": {
"$roomId": {
// Messages by room. Any room whose type is not 'private' is readable by every client
// (this branch has no auth check); a private room is readable only by uids listed in
// its authorizedUsers.
".read": "(root.child('room-metadata').child($roomId).child('type').val() != 'private' || root.child('room-metadata').child($roomId).child('authorizedUsers').hasChild(auth.uid))",
// Moderators may write the whole message list of a room (cascades to every message).
".write": "(auth != null) && root.child('moderators').hasChild(auth.uid)",
"$msgId": {
// A signed-in user may create a message that does not exist yet (only moderators may
// overwrite or delete), provided the room is not private or the user is authorized,
// and the user has no suspension entry or its value is earlier than `now`.
".write": "(auth != null) && (data.val() === null || root.child('moderators').hasChild(auth.uid)) && (root.child('room-metadata').child($roomId).child('type').val() != 'private' || root.child('room-metadata').child($roomId).child('authorizedUsers').hasChild(auth.uid)) && (!root.child('suspensions').hasChild(auth.uid) || root.child('suspensions').child(auth.uid).val() < now)",
// NOTE(review): only the presence of the four fields is checked. Nothing ties
// 'userId' to auth.uid, so a signed-in user can store a message attributed to another
// user id, and 'name', 'message' and 'timestamp' have no type, length or range check.
// A child rule such as "userId": { ".validate": "newData.val() === auth.uid" } would
// bind authorship; confirm against the client before tightening.
".validate": "(newData.hasChildren(['userId','name','message','timestamp']))"
}
}
},
"room-users": {
"$roomId": {
// A list of users by room, readable by anyone for non-private rooms, or by authorized
// users for private rooms.
".read": "(root.child('room-metadata').child($roomId).child('type').val() != 'private' || root.child('room-metadata').child($roomId).child('authorizedUsers').hasChild(auth.uid))",
".write": "(auth != null) && root.child('moderators').hasChild(auth.uid)",
"$userId": {
// A signed-in user may write only the entry keyed by their own uid; moderators may
// write any entry.
// NOTE(review): this rule does not consult the room's type or authorizedUsers, so a
// user can add their own entry under a private room they are not authorized for.
".write": "(auth != null) && ($userId === auth.uid || root.child('moderators').hasChild(auth.uid))",
"$sessionId": {
// A session entry must carry 'id' and 'name'; their values are not checked.
".validate": "(!newData.exists() || newData.hasChildren(['id','name']))"
}
}
}
},
"users": {
// A list of users and their associated metadata, which can be updated by the single user or a moderator.
// NOTE(review): this read grant applies to every client, signed in or not, and it
// cascades to everything under users/$userId, including 'invites' and 'notifications'.
// The narrower ".read" on $inviteId below therefore restricts nothing.
".read" : true,
"$userId": {
// The owner or a moderator may write the user record. The grant cascades, so both can
// also write and delete anything under 'invites' and 'notifications' of this record.
".write": "(auth != null) && (auth.uid === $userId || (root.child('moderators').hasChild(auth.uid)))",
// 'id' must equal the record key. isStaff / isModerator may be set to true only when
// the writer's auth token carries the matching claim set to true.
".validate": "($userId === newData.child('id').val()) && (!newData.hasChild('isStaff') || (newData.child('isStaff').val() == false) || (newData.child('isStaff').val() == true && auth.isStaff == true)) && (!newData.hasChild('isModerator') || (newData.child('isModerator').val() == false) || (newData.child('isModerator').val() == true && auth.isModerator == true))",
"invites": {
// A list of chat invitations from other users; any signed-in user may add one.
"$inviteId": {
// Intended to let the sender read the invitation status; see the note on the
// "users" read rule, which already grants read to everyone.
".read": "(auth != null) && (auth.uid === data.child('fromUserId').val())",
// Create if absent; afterwards the recipient ($userId) or the recorded sender may write.
".write": "(auth != null) && (!data.exists() || $userId === auth.uid || data.child('fromUserId').val() === auth.uid)",
// NOTE(review): 'fromUserId' is required but never compared with auth.uid, so the
// sender recorded on an invitation can be any value the writer chooses.
".validate": "newData.hasChildren(['fromUserId','fromUserName','roomId']) && (newData.child('id').val() === $inviteId)"
}
},
"notifications": {
// A list of notifications; this rule lets moderators append new entries only.
// NOTE(review): the cascading ".write" on $userId also lets the record owner and
// moderators create, overwrite and delete entries here, so the list is not
// append-only or moderator-only in practice.
"$notificationId": {
".write": "(auth != null) && (data.val() === null) && (root.child('moderators').hasChild(auth.uid))",
".validate": "newData.hasChildren(['fromUserId','timestamp','notificationType'])",
"fromUserId": {
// The sender recorded on a notification must be the writer.
".validate": "newData.val() === auth.uid"
}
}
}
}
},
"user-names-online": {
// A mapping of active, online lowercase usernames to sessions and user ids.
// Readable by every client, signed in or not.
".read": true,
"$username": {
"$sessionId": {
// Create if absent, delete, or update an entry whose stored 'id' is the writer's uid.
// NOTE(review): the !newData.exists() branch allows any signed-in user to delete any
// session entry, not only their own; presumably meant for stale-session cleanup,
// confirm against the client.
".write": "(auth != null) && (!data.exists() || !newData.exists() || data.child('id').val() === auth.uid)",
"id": {
// A session can only be registered under the writer's own uid.
".validate": "(newData.val() === auth.uid)"
},
"name": {
".validate": "(newData.isString())"
}
}
}
},
"moderators": {
// The moderator list is readable by any signed-in user.
".read": "(auth != null)",
"$userId": {
// A user may write only their own entry, and only when their auth token carries
// isModerator == true; moderator status originates from the token, not from the database.
".write": "(auth != null) && (auth.uid === $userId) && (auth.isModerator == true)"
}
},
"suspensions": {
// Readable and writable by moderators only. The $msgId write rule compares
// suspensions/<uid> with `now`, so the stored value is presumably an expiry timestamp.
".write": "(auth != null) && (root.child('moderators').hasChild(auth.uid))",
".read": "(auth != null) && (root.child('moderators').hasChild(auth.uid))"
}
}
}