-
Notifications
You must be signed in to change notification settings - Fork 3
/
firestore.rules
69 lines (57 loc) · 1.94 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
service cloud.firestore {
match /databases/{database}/documents {
function getUserRole() {
return get(/databases/$(database)/documents/r/$(request.auth.uid))
.data.profile.role;
}
// Static herarchy for searching.
match /h/{userId} {
allow list: if request.auth.uid != null && request.query.limit <= 100;
}
// Hierarchy Cache Sum and KPU autofill.
match /hc2/{tpsId} {
// Anyone can read the cached sum.
allow get: if request.auth.uid != null;
}
// Relawan database.
match /r/{userId} {
// Moderator can read user profile if know the uid.
allow get: if request.auth.uid == userId || getUserRole() >= 1;
// Only Admin can perform search for user profile.
allow list: if request.query.limit <= 100 && getUserRole() >= 2;
}
// Relawan photos.
match /p2/{userId} {
// Moderator can read user photos if know the uid.
allow get: if request.auth.uid == userId || getUserRole() >= 1;
// Admins can see the scoreboard.
allow list: if request.query.limit <= 100 && getUserRole() >= 2;
}
// Referral codes.
match /c/{code} {
allow read: if resource.data.claimer == null || resource.data.bulk;
}
// Photo Uploads.
match /u2/{imageId} {
// User can see their own uploaded photos.
allow get: if request.auth.uid == resource.data.uploader.uid;
// Moderator can see the uploaded photos.
allow list: if request.query.limit <= 100 && getUserRole() >= 1;
}
// TPS change log.
match /t2/{tpsId} {
// Only Moderator and above can see the TPS history.
allow get: if getUserRole() >= 1;
}
// Data KPU
match /k/{kelId} {
// Only Moderator and above can see KPU data.
allow get: if getUserRole() >= 1;
}
// Scoreboard
match /s/s {
// Only Moderator and above can see scoreboard.
allow get: if getUserRole() >= 1;
}
}
}