-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfirestore.rules
41 lines (35 loc) · 1.32 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /recipes/{recipe} {
function isSignedIn() {
return request.auth != null;
}
function getRole() {
return resource.data.roles[request.auth.uid];
}
function isOneOfRoles(array) {
return isSignedIn() && (getRole() in array);
}
function isValidRecipe() {
return request.resource.data.roles[request.auth.uid] == 'owner';
}
function onlyContentChanged() {
// Ensure that title and roles are unchanged and that no new
// fields are added to the document.
return request.resource.data.name == resource.data.name
&& request.resource.data.roles == resource.data.roles
&& request.resource.data.keys() == resource.data.keys();
}
// Split writing into creation, deletion, and updating. Only an
// owner can create or delete a story but a writer can update
// story content.
//
allow delete: if isOneOfRoles(['owner']);
allow update: if isOneOfRoles(['owner'])
|| (isOneOfRoles(['writer']) && onlyContentChanged());
allow create: if isValidRecipe();
allow read: if isOneOfRoles(['owner']);
}
}
}