-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdatabase.rules.json
91 lines (91 loc) · 3.87 KB
/
database.rules.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
{
/* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
"rules": {
"users": {
"$user": {
"p": { // permission level (1+ is Operator) -- should probably just have a bool of perms but o well, this works fine
".validate": "newData.isNumber()",
".write": "newData.val() == 0",
// ".write": "false && auth != null && newData.val() < root.child('users').child(auth.uid).child('p').val() && $user !== auth.uid",
},
"e": { // email (write to once, and it gotta be your own email); used for linking cards
".validate": "newData.val() === auth.token.email",
".write": "$user === auth.uid && !data.exists()",
},
"t": { // current time (of qr code generation)
".validate": "newData.val() === now",
},
"a": { // activities
".write": "root.child('users').child(auth.uid).child('p').val() >= 1",
},
".validate": "newData.hasChildren(['e', 't'])",
".read": "$user === auth.uid || root.child('users').child(auth.uid).child('p').val() >= 1",
".write": "$user === auth.uid",
},
".read": "root.child('users').child(auth.uid).child('p').val() >= 2",
},
"data": {
"$emailFormatted": { // . is replaced with @ since invalid character for firebase keys
"e": { // email (cannot be verified so only admin can set it)
".write": "root.child('users').child(auth.uid).child('p').val() >= 2",
},
".write": "root.child('users').child(auth.uid).child('p').val() >= 2",
".read": "data.child('e').val() === auth.token.email || root.child('users').child(auth.uid).child('p').val() >= 1",
},
},
"cards": {
"$card": {
"ch": { // cardholder (email)
".validate": "newData.isString() && newData.val().length <= 64",
},
"a": { // active
".validate": "newData.isBoolean()",
},
".validate": "$card.length <= 32",
// only be able to set/read cards as Operator
".read": "root.child('users').child(auth.uid).child('p').val() >= 1",
".write": "root.child('users').child(auth.uid).child('p').val() >= 1",
},
".read": "root.child('users').child(auth.uid).child('p').val() >= 1",
},
"events": {
"$event": {
"n": { // name
".validate": "newData.isString() && newData.val().length <= 32",
},
"d": { // description
".validate": "newData.isString() && newData.val().length <= 200",
},
"c": { // count
".validate": "newData.isNumber()", // maybe increment check?
},
// only be able to set events as Operator
".read": "root.child('users').child(auth.uid).child('p').val() >= 1",
".write": "root.child('users').child(auth.uid).child('p').val() >= 1",
},
".read": "root.child('users').child(auth.uid).child('p').val() >= 1",
},
// these events will not be deleted i guess
"re": { // Reader Events
"$readerEvent": {
"t": { // time of ReaderEvent
".validate": "newData.isNumber() && newData.val() === now",
},
"c": { // card scanned in ReaderEvent
".validate": "newData.isString() && newData.val().length <= 32",
},
"e": { // event id
".validate": "newData.isString() && newData.val().length <= 32",
},
// card events cannot be overwritten or deleted
".validate": "newData.hasChildren(['t', 'c', 'e']) && !data.exists() && newData.exists()",
// only be able to read as Operator
".read": "root.child('users').child(auth.uid).child('p').val() >= 1",
".write": "root.child('users').child(auth.uid).child('p').val() >= 1",
},
".read": "root.child('users').child(auth.uid).child('p').val() >= 1",
},
".read": false,
".write": false,
}
}