firestore.rules
// Selects version 2 of the security rules language for this file.
rules_version = '2';
// True when the pending write changes no key other than `field`.
// Compares the incoming document (request.resource.data) with the stored one
// (resource.data) and checks the set of affected keys against [field].
// NOTE(review): presumably an update that changes nothing also passes, since
// the affected-key set would be empty - confirm that is acceptable to callers.
function isUpdateRestrictedToField(request, field) {
  let changedKeys = request.resource.data.diff(resource.data).affectedKeys();
  return changedKeys.hasOnly([field]);
}
// Returns the data of the /roles/{name} document.
// NOTE(review): `database` is not a parameter of this function and the function
// is declared outside the /databases/{database}/documents match - confirm the
// variable resolves as intended where role() is called.
function role(name) {
  let roleDoc = get(/databases/$(database)/documents/roles/$(name));
  return roleDoc.data;
}
// Client-side access rules for every collection in this database.
// A request is allowed when any matching `allow` condition is true; a path or
// operation with no matching `allow` is denied. `write` covers create, update
// and delete. These rules apply to client SDK traffic; server code using the
// Admin SDK is not subject to them.
service cloud.firestore {
  match /databases/{database}/documents {
    // Configuration documents: readable by anyone, writable by any signed-in user.
    // NOTE(review): write is not limited to an admin role, so any authenticated
    // account can create, change or delete config documents - confirm who is
    // meant to write here and consider gating on role('admin').users.
    match /config/{configFile} {
      allow read: if true;
      allow write: if request.auth.uid != null;
    }
    // User profiles: readable by anyone (including unauthenticated clients),
    // writable only by the user whose uid matches the document id.
    // NOTE(review): confirm no private fields are stored here; owner-only data
    // appears to belong in /userprivate below.
    match /users/{userId} {
      allow read: if true;
      allow write: if request.auth.uid == userId;
      // Per-venue visit records under a user: same policy as the parent profile.
      match /visits/{venueId} {
        allow read: if true;
        allow write: if request.auth.uid == userId;
      }
    }
    // Owner-only documents: both read and write require uid == document id.
    match /userprivate/{userId} {
      allow read,write: if request.auth.uid == userId;
    }
    // Any signed-in user may read and write (create, update, delete) any chat document.
    // NOTE(review): nothing ties a message to its author or limits edits and
    // deletes to the author - confirm this is intended.
    match /chatsv3/{chatId} {
      allow write, read: if request.auth.uid != null;
    }
    // Private chat mailboxes, keyed by userId, covering every nested path.
    // - create: caller must be signed in and the new document's `from` field
    //   must equal the caller's uid; the mailbox userId is not constrained, so a
    //   sender can write into another user's mailbox (presumably the delivery path).
    // - read: only the mailbox owner.
    // - update: any signed-in user, limited to changing the `isRead` field.
    // - delete: no rule, so denied.
    // NOTE(review): the update rule does not check userId == request.auth.uid,
    // so a signed-in user can change `isRead` on documents in someone else's
    // mailbox - confirm whether only the mailbox owner should be allowed.
    match /privatechats/{userId}/{restOfPath=**} {
      allow create: if request.auth.uid != null && request.resource.data.from == request.auth.uid;
      allow read: if request.auth.uid != null && userId == request.auth.uid;
      allow update: if request.auth.uid != null && isUpdateRestrictedToField(request, 'isRead');
    }
    // Experiences and everything nested beneath them: public read, and any
    // signed-in user may write.
    // NOTE(review): no ownership or field validation on writes - confirm.
    match /experiences/{experienceId}/{restOfPath=**} {
      allow read: if true;
      allow write: if request.auth.uid != null;
    }
    // FAQ entries: public read; no write rule, so client writes are denied.
    match /faq/{faqId} {
      allow read: if true;
    }
    // Marketing e-mail entries: readable by any signed-in user, writable by
    // anyone, including unauthenticated clients.
    // NOTE(review): `write` includes update and delete, so an unauthenticated
    // client can overwrite or remove existing entries, and every signed-in user
    // can read the collected entries. If this backs a sign-up form, a
    // create-only rule with field validation and an admin-only read would be
    // tighter - confirm the intended writers and readers.
    match /marketingemails/{emailId} {
      allow read: if request.auth.uid != null;
      allow write: if true;
    }
    // Venue documents: public read; no write rule at this level, so client
    // writes to the venue document itself are denied.
    match /venues/{venue} {
      allow read: if true;
      // Fetches the data of the venue document for the current {venue}.
      function venueData() {
        return get(/databases/$(database)/documents/venues/$(venue)).data
      }
      // Events: public read; write only for uids listed in the venue's `owners`.
      match /events/{event} {
        allow read: if true;
        allow write: if request.auth.uid in venueData().owners;
      }
      // Venue chat, covering every nested path.
      // - read/create: any signed-in user.
      // - update: only a uid listed in role('admin').users or in the venue's
      //   `owners`, and only the `deleted` field may change.
      // - delete: no rule, so denied.
      // NOTE(review): create does not bind any author field to
      // request.auth.uid (compare the `from` check in /privatechats) - confirm.
      match /chats/{restOfPath=**} {
        allow read,create: if request.auth.uid != null;
        allow update: if (request.auth.uid in role('admin').users || request.auth.uid in venueData().owners) &&
                      isUpdateRestrictedToField(request, 'deleted');
      }
      // Closed to all client reads and writes.
      match /access/{method} {
        allow read, write: if false;
      }
      // Closed to all client reads and writes.
      match /accessgranted/{userId} {
        allow read, write: if false;
      }
    }
    // Closed to all client reads and writes.
    match /customers/{userId} {
      allow read: if false;
      allow write: if false;
    }
    // Purchases and everything nested beneath them: open for read and write to
    // anyone, including unauthenticated clients.
    // NOTE(review): this is the least restricted rule in the file, while the
    // neighbouring /customers collection is fully closed. If these documents
    // record payments, any client can read, alter or delete them - confirm which
    // component writes here and restrict to it (or close the path to clients).
    match /purchases/{restOfPath=**} {
      allow read,write: if true;
    }
    // Role documents: public read, no client writes.
    // NOTE(review): the `users` list consulted by the venue chat rule is
    // therefore readable by anyone - confirm that exposing role membership is acceptable.
    match /roles/{roleId} {
      allow read: if true;
      allow write: if false;
    }
  }
}