forked from MrsLSmith/Essex-STEM
-
-
Notifications
You must be signed in to change notification settings - Fork 12
/
firestore.rules
143 lines (122 loc) · 4.22 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
service cloud.firestore {
match /databases/{database}/documents {
// True if the user is an admin
function isAdmin() {
return request.auth.uid != null && get(/databases/$(database)/documents/admins/$(request.auth.uid)).data.isAdmin;
}
// True if user owns the document
function isOwner(userId){
return request.auth.uid == userId;
}
// True if user is logged in
function isAuthed(){
return request.auth.uid != null
}
//True if team is public
function isTeamPublic(teamId){
return get(/databases/$(database)/documents/teams/$(teamId)).data.isPublic;
}
//True if user is team owner
function isTeamOwner(teamId){
return request.auth.uid == get(/databases/$(database)/documents/teams/$(teamId)).data.owner.uid;
}
// True if the user is a member of the team
function isTeamMember(teamId) {
return exists(/databases/$(database)/documents/teams/$(teamId)/members/$(request.auth.uid));
}
// True if user is invited to the team.
function isInvited(teamId){
return exists(/databases/$(database)/documents/invitations/$(request.auth.token.email.lower())/teams/$(teamId));
}
match /invitations/{email} {
allow read: if isAuthed() && request.auth.token.email == email || isAdmin();
allow write: if isAuthed();
match /teams/{teamId} {
allow read: if isAuthed() && request.auth.token.email == email || isAdmin();
allow write: if isAuthed();
}
}
match /messages/{userId} {
allow read : if isAdmin() || isAuthed() && isOwner(userId);
allow write: if isAuthed();
match /messages/{messageId} {
allow read, delete, update: if isAuthed() && isOwner(userId) || resource.data.sender.uid == request.auth.uid || isAdmin();
allow create: if isAuthed();
}
}
match /profiles/{userId} {
allow read: if isAuthed();
allow write: if isOwner(userId) || isAdmin();
match /invitations/{teamId} {
allow read, write: if true;
}
match /requests/{teamId} {
allow read, write: if true;
}
match /teams/{teamId} {
allow read : if true;
allow delete : if isOwner(userId) || isTeamOwner(teamId) || isAdmin();
allow create : if isOwner(userId) || isTeamOwner(teamId) || isAdmin();
allow update : if isOwner(userId) || isTeamOwner(teamId) || isAdmin();
}
match /messages/{messageId} {
allow read, write: if true;
}
}
match /teams/{teamId} {
allow read, create: if isAuthed();
allow delete, update: if resource.data.owner.uid == request.auth.uid || isAdmin();
match /messages/{messageId} {
allow create: if isAuthed() && isTeamMember(teamId);
allow read: if isAuthed() && isTeamPublic(teamId) || isTeamMember(teamId);
allow delete, update: if isAuthed() && isTeamMember(teamId) && resource.data.sender.uid == request.auth.uid || isAdmin();
}
match /members/{uid} {
allow read: if isAuthed();
allow delete: if isTeamOwner(teamId) || isOwner(uid) || isAdmin();
allow create: if isTeamPublic(teamId) || isTeamOwner(teamId) || isAdmin() || isInvited(teamId);
}
match /invitations/{email}{
allow read, write: if true;
}
match /requests/{uid}{
allow read, write: if true;
}
}
match /towns/{townId} {
allow read: if true;
allow write: if isAdmin();
}
match /trashDrops/{dropId} {
allow read: if true;
allow write: if isAuthed();
}
match /admins/{userId} {
allow read, write: if isAdmin();
}
match /eventInfo/{id} {
allow read: if true;
allow write: if isAdmin();
}
match /trashCollectionSites/{id} {
allow read: if true;
allow write: if true;
}
match /supplyDistributionSites/{id} {
allow read: if true;
allow write: if true;
}
match /celebrations/{id} {
allow read: if true;
allow write: if true;
}
match /updates/{id}{
allow read: if true;
allow write: if isAdmin();
}
match /faqs/{faqId} {
allow read: if isAuthed();
allow write: if isAdmin();
}
}
}