// Firestore security rules for the client SDKs.
//
// Access model visible in this file:
//   * Per-user documents (customers, addresses, cart) are keyed by the
//     Firebase Auth uid in the path and are granted only when
//     request.auth.uid equals that path segment.
//   * Catalogue-style collections (content, gcs-mirror, products and its
//     prices / tax_rates) are readable by anyone and carry no client write
//     rule, so client writes to them are not allowed by this file.
//   * Product reviews are publicly readable; writes are limited to the
//     signed-in user's own document and are shape-checked.
//
// Rules do not cascade from a document to its subcollections, which is why
// each subcollection below has its own nested match block.
// An unauthenticated request has no request.auth, so the uid comparisons
// below cannot succeed for signed-out callers.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Per-user customer record: only the owner may read or write it.
    // NOTE(review): the subcollection names (checkout_sessions, payments,
    // subscriptions, invoices) look like billing data synced by a backend.
    // If this document or /payments is written by a trusted server, the
    // client-side `write` here and on /payments lets a user alter their own
    // billing records. Confirm the client needs write before keeping it;
    // `allow read` alone would be the least-privilege choice.
    match /customers/{uid} {
      allow read, write: if request.auth.uid == uid;
      // Owner may read and write (create, update, delete) checkout sessions.
      match /checkout_sessions/{id} {
        allow read, write: if request.auth.uid == uid;
      }
      // Owner may read and write payment documents (see NOTE(review) above).
      match /payments/{id} {
        allow read, write: if request.auth.uid == uid;
      }
      // Subscriptions are read-only for the owner; no client write is granted.
      match /subscriptions/{id} {
        allow read: if request.auth.uid == uid;
      }
      // Invoices under a subscription are likewise read-only for the owner.
      match /subscriptions/{id}/invoices/{iid} {
        allow read: if request.auth.uid == uid;
      }
    }
    // One address document per user, readable and writable only by that user.
    // No field validation is applied to what the owner writes.
    match /addresses/{uid} {
      allow read, write: if request.auth.uid == uid;
    }
    // TODO - allow read if subscription
    // Until that TODO is done, every /content document is readable by anyone,
    // signed in or not.
    match /content/{id} {
      allow read: if true;
    }
    // Recursive wildcard: every document at any depth under /gcs-mirror is
    // publicly readable. Nothing sensitive should be mirrored into this tree.
    match /gcs-mirror/{allImages=**} {
      allow read: if true;
    }
    // One cart document per user, readable and writable only by that user.
    // No field validation is applied, so cart contents (for example any
    // price or quantity stored there) are client-controlled.
    // NOTE(review): presumably totals are recomputed server-side; confirm.
    match /cart/{uid} {
      allow read, write: if request.auth.uid == uid;
    }
    // Product catalogue: public read, no client write.
    match /products/{product_id} {
      allow read: if true;
      // Prices of a product: public read, no client write.
      match /prices/{price_id} {
        allow read: if true;
      }
      // Reviews of a product. The document id must equal the writer's uid,
      // so each user can hold at most one review document per product.
      match /reviews/{review_id} {
        allow read: if true;
        // NOTE(review): `write` also covers delete, but every condition below
        // reads request.resource.data, which is presumably unavailable on a
        // delete, so owners likely cannot delete their review. Verify that
        // this is intended.
        // NOTE(review): hasOnly() rejects unknown keys but does not require
        // the listed ones, and 'message', 'created_at', 'user.display_name'
        // and 'user.photo_url' get no type or size check. Because reviews are
        // world-readable, consider `is string` with a length bound on those
        // fields and comparing created_at with request.time.
        allow write: if
          // Only this user's review should be writable.
          request.auth.uid == review_id &&
          // Ensure the write has only these fields.
          request.resource.data.keys().hasOnly([
            'created_at',
            'message',
            'product_id',
            'rating',
            'user'
          ]) &&
          // Ensure the user map is valid.
          request.resource.data.user is map &&
          request.resource.data.user.keys().hasOnly([
            'display_name',
            'id',
            'photo_url'
          ]) &&
          // The embedded author id must be the caller, so a review cannot be
          // attributed to another account.
          request.resource.data.user.id == request.auth.uid &&
          // Ensure rating is an int in the range 0 to 5.
          request.resource.data.rating is int &&
          request.resource.data.rating >= 0 &&
          request.resource.data.rating <= 5 &&
          // Ensure product id matches this path.
          request.resource.data.product_id == product_id
      }
      // Tax rates of a product: public read, no client write.
      match /tax_rates/{tax_rate_id} {
        allow read: if true;
      }
    }
  }
}