-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfirestore.rules
67 lines (52 loc) · 1.4 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// MARK: - Disabling access for all refs
match /{allPaths=**} {
allow read, write: if false;
}
// MARK: - Authentication
function isSignedIn() {
return ((request.auth != null)
&& (request.auth.uid != null));
}
// MARK: - Model Helpers
function getUserPath() {
return (/databases/$(database)/documents/users/$(request.auth.uid));
}
function userExists() {
return (isSignedIn()
&& (request.auth.token != null)
&& exists(getUserPath()));
}
function getUserData() {
return get(getUserPath()).data;
}
function getAdminPath() {
return (/databases/$(database)/documents/admins/$(request.auth.uid));
}
function isAdmin() {
return (isSignedIn()
&& (request.auth.token != null)
&& exists(getAdminPath()));
}
function getAdminData() {
return get(getAdminPath()).data;
}
// MARK: - User Access
match /_internal_/config {
allow read: if true;
}
match /users/{userId}{
allow read: if (isSignedIn()
&& (request.auth.uid == userId));
// allow write: if (isSignedIn()
// && (request.auth.uid == userId));
}
// MARK: - Admin Access
match /{allPaths=**} {
allow read, write: if (isSignedIn()
&& isAdmin());
}
}
}