-
Notifications
You must be signed in to change notification settings - Fork 0
/
firestore.rules
35 lines (35 loc) · 1.46 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
// users with isAdmin == true can read and write to any document
allow read, write: if request.auth != null && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isAdmin == true
}
match /users/{user} {
allow read, delete: if request.auth != null && request.auth.uid == user
allow update: if request.auth != null && request.auth.uid == user
// users can't change their own isAdmin field
&& !request.resource.data.diff(resource.data).affectedKeys().hasAny(['isAdmin']);
match /credentialrequests/{credreq} {
allow read, write: if request.auth != null && request.auth.uid == user;
}
match /notifications/{notification} {
// TODO: tighten this up after moving notifications to the backend
allow read, write: if request.auth != null
}
}
match /conversations/{conversation} {
// TODO: tighten this up after moving more of the logic to the backend
allow read, write: if request.auth != null
match /arguments/{argument} {
allow read, write: if request.auth != null
match /reviews/{review} {
allow read, write: if request.auth != null
}
match /ai/{cache} {
allow read, write: if request.auth != null
}
}
}
}
}