-
Notifications
You must be signed in to change notification settings - Fork 0
/
firestore.rules
54 lines (46 loc) · 2.48 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
service cloud.firestore {
match /databases/{database}/documents {
//match /{document=**} {
// allow read, write;
//}
match /decks/{deck} {
//change to read when bug fixed
//allow get: if resource.data.isPublic //allow get if the deck is public
//|| request.auth.uid in resource.data.users // allow get if the user is in the deck's list of users
//|| request.auth.uid in get(/databases/$(database)/documents/classes/$(resource.classId)).data.users; // allow get if
//the user is in the class referenced in the deck
//allow list: if resource.data.isPublic == true || request.auth != null; //temporary, there is a bug in firebase
//that causes queries to fail with certain permission setups (https://stackoverflow.com/questions/46667912).
//This should be removed after that is fixed, leaving only the read perm.
allow read: if resource.data.isPublic == true || request.auth != null; // temporary open permissions for testing and demo phase
allow update, delete: if resource.data.users[request.auth.uid].owner // allow write if owner of the deck
|| get(/databases/$(database)/documents/classes/$(resource.data.classId)).data.users[request.auth.uid].teacher == true;
// allow write if teacher in deck's class
//allow create: if (request.resource.data.name is string) &&
// ((request.resource.data.users.size() == 1
// && request.auth.uid in request.resource.data.users
// && request.resource.data.users[request.auth.uid].owner
// && !request.data.class)
// || (!request.data.users
// && request.data.classId is string
// && get(/databases/$(database)/documents/classes/$(request.resource.data.classId)).data.users[request.auth.uid].teacher == true));
allow create: if request.auth != null;
match /cards/{card} {
function getDeck() {
return get(/databases/$(database)/documents/decks/$(deck)).data;
}
allow read: if true; //temporary for testing
//(request.auth != null && request.auth.uid in get(/databases/$(database)/documents/classes/$(getDeck().classId)).data.users)
//|| (request.auth != null && request.auth.uid in getDeck().users)
//|| getDeck().isPublic == true;
allow write: if request.auth != null;
}
}
match /classes/{class} {
allow read, write: if request.auth != null; //temporary for testing
}
match /users/{user} {
allow read, write: if request.auth.uid == user;
}
}
}