open.source/manifold
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c762869b83
manifold/firestore.rules

225 lines
8.2 KiB
Plaintext
Raw Normal View History

basic firestore rules
2022-01-05 17:42:43 +00:00
rules_version = '2';
Send M$ to Charity & txns (#81) * Add components for CPM landing and charity pages * Remove misc.ts to fix build * Set up cloud function for writing txns * More plumbing for txns * Fix up API call * Use Date.now() to keep timestamps simple * Some styles for charity list page * Hard code charities data * Pass charity data to charity page * Update txn type * Listen for charity txns * Handle txn to non-user by burning it * Read txns for charity card and charity page. * Set images to object contain * Clean up txn types * Move pic to top of card. Other misc styling. * Update charity short & long descriptions * Add `token` and `category` to Txn * Fix breakages * Show Charity link in the sidebar * Fix typing issues * Fix not reading from the right type * Switch out icon * Also show Charity icon on mobile * Update copy Co-authored-by: Austin Chen <akrolsmir@gmail.com> Co-authored-by: James Grugett <jahooma@gmail.com>
2022-04-29 23:35:56 +00:00
// To pick the right project: `firebase projects:list`, then `firebase use <project-name>`
Allow admins to see private-users info
2022-01-24 06:45:46 +00:00
// To deploy: `firebase deploy --only firestore:rules`
basic firestore rules
2022-01-05 17:42:43 +00:00
service cloud.firestore {
match /databases/{database}/documents {
Allow admins to see private-users info
2022-01-24 06:45:46 +00:00
function isAdmin() {
Simplify Firestore isAdmin rule
2022-07-16 19:52:59 +00:00
return request.auth.token.email in [
'akrolsmir@gmail.com',
'jahooma@gmail.com',
'taowell@gmail.com',
Make Sinclair an admin
2022-08-23 00:50:59 +00:00
'abc.sinclair@gmail.com',
Feature markets on trending
2022-08-25 13:05:26 +00:00
'manticmarkets@gmail.com',
Add david to admins
2022-09-08 15:16:54 +00:00
'iansphilips@gmail.com',
Add Fede to admins
2022-09-08 15:51:58 +00:00
'd4vidchee@gmail.com',
Inga/admin rules resolve (#880) * Giving admin permission to resolve all markets that have closed after 7 days.
2022-09-15 03:28:40 +00:00
'federicoruizcassarino@gmail.com',
'ingawei@gmail.com'
Simplify Firestore isAdmin rule
2022-07-16 19:52:59 +00:00
]
Allow admins to see private-users info
2022-01-24 06:45:46 +00:00
}
Compute stats in Firebase instead of Vercel (#584) * Add stats updating cloud function * Read stats from database on client instead of computing them * Improve logging for stats updater * Tidying up
2022-06-26 21:42:42 +00:00
match /stats/stats {
allow read;
}
Featured items to homepage (#1024) * Featured items to homepage * Fix nits
2022-10-12 14:04:39 +00:00
match /globalConfig/globalConfig {
allow read;
allow update: if isAdmin()
allow create: if isAdmin()
}
basic firestore rules
2022-01-05 17:42:43 +00:00
match /users/{userId} {
allow read;
Tweak Firestore user rules to be more robust (#750)
2022-08-13 03:13:09 +00:00
allow update: if userId == request.auth.uid
Sync firestore rules from firebase console
2022-06-02 17:14:01 +00:00
&& request.resource.data.diff(resource.data).affectedKeys()
delete bannerUrl from user type
2022-10-10 20:51:27 +00:00
.hasOnly(['bio', 'website', 'twitterHandle', 'discordHandle', 'followedCategories', 'lastPingTime','shouldShowWelcome', 'hasSeenContractFollowModal', 'homeSections']);
Show online users on desktop
2022-07-15 14:45:52 +00:00
// User referral rules
Tweak Firestore user rules to be more robust (#750)
2022-08-13 03:13:09 +00:00
allow update: if userId == request.auth.uid
Show online users on desktop
2022-07-15 14:45:52 +00:00
&& request.resource.data.diff(resource.data).affectedKeys()
Referrals bug fix and attribute group
2022-07-18 16:40:44 +00:00
.hasOnly(['referredByUserId', 'referredByContractId', 'referredByGroupId'])
Show online users on desktop
2022-07-15 14:45:52 +00:00
// only one referral allowed per user
&& !("referredByUserId" in resource.data)
// user can't refer themselves
Tweak Firestore user rules to be more robust (#750)
2022-08-13 03:13:09 +00:00
&& !(userId == request.resource.data.referredByUserId);
Show online users on desktop
2022-07-15 14:45:52 +00:00
// quid pro quos enabled (only once though so nbd) - bc I can't make this work:
// && (get(/databases/$(database)/documents/users/$(request.resource.data.referredByUserId)).referredByUserId == resource.data.id);
Sync firestore rules from firebase console
2022-06-02 17:14:01 +00:00
}
Compute stats in Firebase instead of Vercel (#584) * Add stats updating cloud function * Read stats from database on client instead of computing them * Improve logging for stats updater * Tidying up
2022-06-26 21:42:42 +00:00
Daily/Weekly/Monthly Leaderboards by Fede (#557) * [Leaderboards] Added period toggle for leaderboards * [Leaderboards] TopBettors now calculates by period correctly * [Leaderboard] Use a subcollection for the portfolio caching * [Leaderboard] Switches to a tab view, temporarily hides the missing topBettors periods * [Leaderboard] Reverts random yarn.lock changes * Fix type error from merge * Increase timeout on update metrics * Update firebase rules to allow reading user portfolioHistory Co-authored-by: Pico2x <pico2x@gmail.com>
2022-06-22 20:29:40 +00:00
match /{somePath=**}/portfolioHistory/{portfolioHistoryId} {
allow read;
}
Sync firestore rules from firebase console
2022-06-02 17:14:01 +00:00
Daily profit 💰 (#1023) * Daily profit client side * Filter out those where profit rounds to 0 * Tabs to spaces
2022-10-11 05:32:55 +00:00
match /{somePath=**}/contract-metrics/{contractId} {
allow read;
}
Challenge Bets (#679) * Challenge bets * Store avatar url * Fix before and after probs * Check balance before creation * Calculate winning shares * pretty * Change winning value * Set shares to equal each other * Fix share challenge link * pretty * remove lib refs * Probability of bet is set to market * Remove peer pill * Cleanup * Button on contract page * don't show challenge if not binary or if resolved * challenge button (WIP) * fix accept challenge: don't change pool/probability * Opengraph preview [WIP] * elim lib * Edit og card props * Change challenge text * New card gen attempt * Get challenge on server * challenge button styling * Use env domain * Remove other window ref * Use challenge creator as avatar * Remove user name * Remove s from property, replace prob with outcome * challenge form * share text * Add in challenge parts to template and url * Challenge url params optional * Add challenge params to parse request * Parse please * Don't remove prob * Challenge card styling * Challenge card styling * Challenge card styling * Challenge card styling * Challenge card styling * Challenge card styling * Challenge card styling * Challenge card styling * Add to readme about how to dev og-image * Add emojis * button: gradient background, 2xl size * beautify accept bet screen * update question button * Add separate challenge template * Accepted challenge sharing card, fix accept bet call * accept challenge button * challenge winner page * create challenge screen * Your outcome/cost=> acceptorOutcome/cost * New create challenge panel * Fix main merge * Add challenge slug to bet and filter by it * Center title * Add helper text * Add FAQ section * Lint * Columnize the user areas in preview link too * Absolutely position * Spacing * Orientation * Restyle challenges list, cache contract name * Make copying easy on mobile * Link spacing * Fix spacing * qr codes! * put your challenges first * eslint * Changes to contract buttons and create challenge modal * Change titles around for current bet * Add back in contract title after winning * Cleanup * Add challenge enabled flag * Spacing of switch button * Put sharing qr code in modal Co-authored-by: mantikoros <sgrugett@gmail.com>
2022-08-04 21:27:02 +00:00
match /{somePath=**}/challenges/{challengeId}{
allow read;
}
Allow to follow/unfollow markets, backfill as well (#794) * Allow to follow/unfollow markets, backfill as well * remove yarn script edit * add decrement comment * Lint * Decrement follow count on unfollow * Follow/unfollow button logic * Unfollow/follow => heart * Add user to followers in place-bet and sell-shares * Add tracking * Show contract follow modal for first time following * Increment follower count as well * Remove add follow from bet trigger * restore on-create-bet * Add pubsub to dev.sh, show heart on FR, remove from answer trigger
2022-08-24 16:49:53 +00:00
match /contracts/{contractId}/follows/{userId} {
allow read;
allow create, delete: if userId == request.auth.uid;
}
Challenge Bets (#679) * Challenge bets * Store avatar url * Fix before and after probs * Check balance before creation * Calculate winning shares * pretty * Change winning value * Set shares to equal each other * Fix share challenge link * pretty * remove lib refs * Probability of bet is set to market * Remove peer pill * Cleanup * Button on contract page * don't show challenge if not binary or if resolved * challenge button (WIP) * fix accept challenge: don't change pool/probability * Opengraph preview [WIP] * elim lib * Edit og card props * Change challenge text * New card gen attempt * Get challenge on server * challenge button styling * Use env domain * Remove other window ref * Use challenge creator as avatar * Remove user name * Remove s from property, replace prob with outcome * challenge form * share text * Add in challenge parts to template and url * Challenge url params optional * Add challenge params to parse request * Parse please * Don't remove prob * Challenge card styling * Challenge card styling * Challenge card styling * Challenge card styling * Challenge card styling * Challenge card styling * Challenge card styling * Challenge card styling * Add to readme about how to dev og-image * Add emojis * button: gradient background, 2xl size * beautify accept bet screen * update question button * Add separate challenge template * Accepted challenge sharing card, fix accept bet call * accept challenge button * challenge winner page * create challenge screen * Your outcome/cost=> acceptorOutcome/cost * New create challenge panel * Fix main merge * Add challenge slug to bet and filter by it * Center title * Add helper text * Add FAQ section * Lint * Columnize the user areas in preview link too * Absolutely position * Spacing * Orientation * Restyle challenges list, cache contract name * Make copying easy on mobile * Link spacing * Fix spacing * qr codes! * put your challenges first * eslint * Changes to contract buttons and create challenge modal * Change titles around for current bet * Add back in contract title after winning * Cleanup * Add challenge enabled flag * Spacing of switch button * Put sharing qr code in modal Co-authored-by: mantikoros <sgrugett@gmail.com>
2022-08-04 21:27:02 +00:00
match /contracts/{contractId}/challenges/{challengeId}{
allow read;
allow create: if request.auth.uid == request.resource.data.creatorId;
// allow update if there have been no claims yet and if the challenge is still open
allow update: if request.auth.uid == resource.data.creatorId;
}
Sync firestore rules from firebase console
2022-06-02 17:14:01 +00:00
match /users/{userId}/follows/{followUserId} {
allow read;
allow write: if request.auth.uid == userId;
rules change
2022-01-19 03:50:50 +00:00
}
liking markets with tip/heart (#798) * WIP liking markets with tip * Refactor Userlink, add MultiUserLink * Lint * Lint * Fix merge * Fix imports * wip liked contracts list * Cache likes and liked by user ids on contract * Refactor tip amount, reduce to M * Move back to M * Change positioning for large screens
2022-08-30 15:38:59 +00:00
match /users/{userId}/likes/{likeId} {
allow read;
allow write: if request.auth.uid == userId;
}
Following and follower list (#456) * Create following button that opens follow list in modal. * Move react query deps to web package.json * UseFollowers hook * Following and followers button, dialog with tabs. * Fix line endings * Remove carriage return from default vscode eol * Add placeholder message if no users followed / no followers * Tweak spacing
2022-06-08 03:24:18 +00:00
match /{somePath=**}/follows/{followUserId} {
Follow other users. Filter markets by followed (#387) * Add follow button to user page * Update follows in the database using follow button. * Add toggle for followed market creators to home * Hide follow toggle from user's markets page * Check that sold bet is by auth'd user * Change follow toggle to category pill * Remove unused imports * Remove console.logs
2022-06-03 04:52:14 +00:00
allow read;
}
rules change
2022-01-19 03:50:50 +00:00
match /private-users/{userId} {
Tweak Firestore user rules to be more robust (#750)
2022-08-13 03:13:09 +00:00
allow read: if userId == request.auth.uid || isAdmin();
allow update: if (userId == request.auth.uid || isAdmin())
Sync firestore rules from firebase console
2022-06-02 17:14:01 +00:00
&& request.resource.data.diff(resource.data).affectedKeys()
Remove unused unsubscribe attributes
2022-09-20 13:59:48 +00:00
.hasOnly(['apiKey', 'notificationPreferences', 'twitchInfo']);
basic firestore rules
2022-01-05 17:42:43 +00:00
}
Log views of contracts in feed
2022-04-05 03:28:38 +00:00
match /private-users/{userId}/views/{viewId} {
allow create: if userId == request.auth.uid;
}
Track clicks from feed
2022-04-19 05:16:08 +00:00
match /private-users/{userId}/events/{eventId} {
allow create: if userId == request.auth.uid;
}
Track latency of feed and portfolio page.
2022-04-21 06:00:08 +00:00
match /private-users/{userId}/latency/{loadTimeId} {
allow create: if userId == request.auth.uid;
}
Categories (#132) * basic market categories * use tags to store market category * display category in market * display full category * category selector component on feed * Move feed data fetching to new file * Decrease batch size for updating feed to prevent out-of-memory error * Compute and update category feeds! * Show feeds based on category tabs * Add react-query package! * Use react query to cache contracts * Remove 'other' category * Add back personal / friends to feed categories * Show scrollbar temporarily for categories * Remove 5 categories, change geopolitics to world * finance => economics * Show categories on two lines on larger screens Co-authored-by: James Grugett <jahooma@gmail.com>
2022-05-12 15:07:10 +00:00
match /private-users/{userId}/cache/{docId} {
[In progress] Server-side feed computation (#106) * Store view counts & last viewed time * Schedule updating user recommendations. Compute using tf-idf. * Update contract's lastBetTime and lastCommentTime on new bets and comments. * Remove contract's lastUpdatedTime * Remove folds activity feed * Implement getFeed cloud function * Hook up client to use getFeed * Script to cache viewCounts and lastViewTime * Batched wait all userRecommendations * Cache view script runs on all users * Update user feed each hour and get feed from cache doc. * Delete view cache script * Update feed script * Tweak feed algorithm * Compute recommendation scores from updateUserFeed * Disable lastViewedScore factor * Update lastCommentTime script * Comment out console.log * Fix timeout issue by calling new cloud functions with part of the work. * Listen for contract updates to feed. * Handle new user: use default feed of top markets this week * Track lastUpdatedTime * Tweak logic of calling cloud functions in batches * Tweak cloud function batching
2022-05-01 16:36:54 +00:00
allow read: if userId == request.auth.uid || isAdmin();
}
basic firestore rules
2022-01-05 17:42:43 +00:00
match /contracts/{contractId} {
allow read;
Append tags from market page
2022-01-26 23:45:05 +00:00
allow update: if request.resource.data.diff(resource.data).affectedKeys()
Add flaggedByUsernames to firestore rules
2022-10-13 13:58:14 +00:00
.hasOnly(['tags', 'lowercaseTags', 'groupSlugs', 'groupLinks', 'flaggedByUsernames']);
Auth for description/close time, unauth for tags
2022-06-02 17:23:25 +00:00
allow update: if request.resource.data.diff(resource.data).affectedKeys()
Allo creators to unlist markets
2022-10-03 15:26:39 +00:00
.hasOnly(['description', 'closeTime', 'question', 'visibility', 'unlistedById'])
Sync firestore rules from firebase console
2022-06-02 17:14:01 +00:00
&& resource.data.creatorId == request.auth.uid;
Allow admins to edit questions
2022-02-09 18:58:33 +00:00
allow update: if isAdmin();
Groups (#510) * Folds=>groups * Show groups on user profile * Allow group creation from /create * Refactoring to groups * Convert folds to groups * Add new add to group notification * Fix user profile tab bug * Add groups nav and tab for my groups * Remove bad profile pages * remove comments * Add group list dropdown to sidebar * remove unused * group cards ui * Messages=>Comments, v2, groupDetails * Discussion time * Cleaning up some code * Remove follow count * Fix pool scoring for cpmm * Fix imports * Simplify rules, add GroupUser collection * Fix group cards * Refactor * Refactor * Small fixes * Remove string * Add api error detail handling * Clear name field * Componentize * Spacing * Undo userpage memo * Member groups are already in my tab * Remove active contracts reference for now * Remove unused * Refactoring * Allow adding old questions to a group * Rename * Wording * Throw standard v2 APIError * Hide input for non-members, add about under title * Multiple names to & # more * Move comments firestore rules to appropriate subpaths * Group membership, pool=>volume * Cleanup, useEvent * Raise state to parent * Eliminate unused * Cleaning up * Clean code * Revert tags input deletion * Cleaning code * Stylling * Limit members to display * Array cleanup * Add categories back in * Private=>closed * Unused vars
2022-06-22 16:35:50 +00:00
match /comments/{commentId} {
allow create: if request.auth != null && commentMatchesUser(request.auth.uid, request.resource.data);
}
basic firestore rules
2022-01-05 17:42:43 +00:00
}
rules: handle querying all bets
2022-01-05 17:47:39 +00:00
match /{somePath=**}/bets/{betId} {
allow read;
}
Liquidity withdrawal (#457) * withdrawLiquidity cloud function * update rules * exclude antes from getCpmmLiquidityPoolWeights * update correct lp shares * liquidity panel * don't create bet if less than 1 surplus share * withdrawLiquidity return type * static analysis fix * hook dependency * prettier * renaming * typo * getCpmmLiquidityPoolWeights: always exclude antes * delete unused function * casting
2022-06-08 18:00:49 +00:00
match /{somePath=**}/liquidity/{liquidityId} {
allow read;
}
Hardening Firestore rules (#101) * Harden Firestore fold update rule This prevents editing fields on the fold that would lead to strange and disruptive results, for example, changing the curatorId to another user, or manually changing followCount. * Harden Firestore follower update rule This prevents users from creating follower entries with the userId of someone else, which would effectively subscribe that person to the fold. * Harden Firestore comment posting rule This prevents people from posting comments with inauthentic user information. * Fix silly bugs in comment rules I made
2022-04-27 08:17:29 +00:00
function commentMatchesUser(userId, comment) {
// it's a bad look if someone can impersonate other ids/names/avatars so check everything
let user = get(/databases/$(database)/documents/users/$(userId));
return comment.userId == userId
&& comment.userName == user.data.name
&& comment.userUsername == user.data.username
&& comment.userAvatarUrl == user.data.avatarUrl;
}
Free response (#47) * Answer datatype and MULTI outcome type for Contract * Create free answer contract * Automatically sort Tailwind classes with Prettier (#45) * Add Prettier Tailwind plugin * Autoformat Tailwind classes with Prettier * Allow for non-binary contracts in contract page and related components * logo with white inside, transparent bg * Create answer * Some UI for showing answers * Answer bet panel * Convert rest of calcuate file to generic multi contracts * Working betting with ante'd NONE answer * Numbered answers. Layout & calculation tweaks * Can bet. More layout tweaks! * Resolve answer UI * Resolve multi market * Resolved market UI * Fix feed and cards for multi contracts * Sell bets. Various fixes * Tweaks for trades page * Always dev mode * Create answer bet has isAnte: true * Fix card showing 0% for multi contracts * Fix grouped bets feed for multi outcomes * None option converted to none of the above label at bottom of list. Button to resolve none. * Tweaks to no answers yet, resolve button layout * Show ante bets on new answers in the feed * Update placeholder text for description * Consolidate firestore rules for subcollections * Remove Contract and Bet type params. Use string type for outcomes. * Increase char limit to 10k for answers. Preserve line breaks. * Don't show resolve options after answer chosen * Fix type error in script * Remove NONE resolution option * Change outcomeType to include 'MULTI' and 'FREE_RESPONSE' * Show bet probability change and payout when creating answer * User info change: also change answers * Append answers to contract field 'answers' * sort trades by resolved * Don't include trailing !:,.; in links * Stop flooring inputs into formatMoney * Revert "Stop flooring inputs into formatMoney" This reverts commit 2f7ab1842916bc903e60231cbf45b934db2f2658. * Consistently floor user.balance * Expand create panel on focus From Richard Hanania's feedback * welcome email: include link to manifold * Fix home page in dev on branches that are not free-response * Close emails (#50) * script init for stephen dev * market close emails * order of operations * template email * sendMarketCloseEmail: handle unsubscribe * remove debugging * marketCloseEmails: every hour * sendMarketCloseEmails: check undefined * marketCloseEmails: "every hour" => "every 1 hours" * Set up a read API using Vercel serverless functions (#49) * Set up read API using Vercel serverless functions Featuring: /api/v0/markets /api/v0/market/[contractId] /api/v0/slug/[contractSlug] * Include tags in API * Tweaks. Remove filter for only binary contract * Fix bet probability change for NO bets * Put back isProd calculation Co-authored-by: Austin Chen <akrolsmir@gmail.com> Co-authored-by: mantikoros <sgrugett@gmail.com> Co-authored-by: mantikoros <95266179+mantikoros@users.noreply.github.com>
2022-02-17 23:00:19 +00:00
match /{somePath=**}/comments/{commentId} {
basic firestore rules
2022-01-05 17:42:43 +00:00
allow read;
}
Free response (#47) * Answer datatype and MULTI outcome type for Contract * Create free answer contract * Automatically sort Tailwind classes with Prettier (#45) * Add Prettier Tailwind plugin * Autoformat Tailwind classes with Prettier * Allow for non-binary contracts in contract page and related components * logo with white inside, transparent bg * Create answer * Some UI for showing answers * Answer bet panel * Convert rest of calcuate file to generic multi contracts * Working betting with ante'd NONE answer * Numbered answers. Layout & calculation tweaks * Can bet. More layout tweaks! * Resolve answer UI * Resolve multi market * Resolved market UI * Fix feed and cards for multi contracts * Sell bets. Various fixes * Tweaks for trades page * Always dev mode * Create answer bet has isAnte: true * Fix card showing 0% for multi contracts * Fix grouped bets feed for multi outcomes * None option converted to none of the above label at bottom of list. Button to resolve none. * Tweaks to no answers yet, resolve button layout * Show ante bets on new answers in the feed * Update placeholder text for description * Consolidate firestore rules for subcollections * Remove Contract and Bet type params. Use string type for outcomes. * Increase char limit to 10k for answers. Preserve line breaks. * Don't show resolve options after answer chosen * Fix type error in script * Remove NONE resolution option * Change outcomeType to include 'MULTI' and 'FREE_RESPONSE' * Show bet probability change and payout when creating answer * User info change: also change answers * Append answers to contract field 'answers' * sort trades by resolved * Don't include trailing !:,.; in links * Stop flooring inputs into formatMoney * Revert "Stop flooring inputs into formatMoney" This reverts commit 2f7ab1842916bc903e60231cbf45b934db2f2658. * Consistently floor user.balance * Expand create panel on focus From Richard Hanania's feedback * welcome email: include link to manifold * Fix home page in dev on branches that are not free-response * Close emails (#50) * script init for stephen dev * market close emails * order of operations * template email * sendMarketCloseEmail: handle unsubscribe * remove debugging * marketCloseEmails: every hour * sendMarketCloseEmails: check undefined * marketCloseEmails: "every hour" => "every 1 hours" * Set up a read API using Vercel serverless functions (#49) * Set up read API using Vercel serverless functions Featuring: /api/v0/markets /api/v0/market/[contractId] /api/v0/slug/[contractSlug] * Include tags in API * Tweaks. Remove filter for only binary contract * Fix bet probability change for NO bets * Put back isProd calculation Co-authored-by: Austin Chen <akrolsmir@gmail.com> Co-authored-by: mantikoros <sgrugett@gmail.com> Co-authored-by: mantikoros <95266179+mantikoros@users.noreply.github.com>
2022-02-17 23:00:19 +00:00
match /{somePath=**}/answers/{answerId} {
rules fix
2022-01-05 22:52:54 +00:00
allow read;
}
Follow and unfollow folds
2022-01-26 20:03:32 +00:00
Custom feed (#43) * Show custom feed of contracts from folds your follow or have bet on. * Add tw-elements UI library * Add loading spinner while feed loads * Switch from onSnapshot to our listenForValues, which doesn't set with partial cached values * Change home tags to communities * Remove tw-elements for now
2022-02-04 00:13:04 +00:00
match /{somePath=**}/followers/{userId} {
allow read;
Hardening Firestore rules (#101) * Harden Firestore fold update rule This prevents editing fields on the fold that would lead to strange and disruptive results, for example, changing the curatorId to another user, or manually changing followCount. * Harden Firestore follower update rule This prevents users from creating follower entries with the userId of someone else, which would effectively subscribe that person to the fold. * Harden Firestore comment posting rule This prevents people from posting comments with inauthentic user information. * Fix silly bugs in comment rules I made
2022-04-27 08:17:29 +00:00
allow create, update: if request.auth.uid == userId && request.resource.data.userId == userId;
allow delete: if request.auth.uid == userId;
Custom feed (#43) * Show custom feed of contracts from folds your follow or have bet on. * Add tw-elements UI library * Add loading spinner while feed loads * Switch from onSnapshot to our listenForValues, which doesn't set with partial cached values * Change home tags to communities * Remove tw-elements for now
2022-02-04 00:13:04 +00:00
}
Send M$ to Charity & txns (#81) * Add components for CPM landing and charity pages * Remove misc.ts to fix build * Set up cloud function for writing txns * More plumbing for txns * Fix up API call * Use Date.now() to keep timestamps simple * Some styles for charity list page * Hard code charities data * Pass charity data to charity page * Update txn type * Listen for charity txns * Handle txn to non-user by burning it * Read txns for charity card and charity page. * Set images to object contain * Clean up txn types * Move pic to top of card. Other misc styling. * Update charity short & long descriptions * Add `token` and `category` to Txn * Fix breakages * Show Charity link in the sidebar * Fix typing issues * Fix not reading from the right type * Switch out icon * Also show Charity icon on mobile * Update copy Co-authored-by: Austin Chen <akrolsmir@gmail.com> Co-authored-by: James Grugett <jahooma@gmail.com>
2022-04-29 23:35:56 +00:00
match /txns/{txnId} {
allow read;
}
Sync firestore rules from firebase console
2022-06-02 17:14:01 +00:00
Manalink: Send mana to anyone via link (#114) * Set up Firestore structure for mana bounty links * Split up manalinks into successes and failures * Allow clients to create manalinks * Track txnId and successful users * Store custom amounts in the link * List all manalinks you've created * Support backend for claiming manalinks * Add some more error handling * Tweak readme * Fix typescript breakage * Revert "Convert common imports in functions to be absolute" This reverts commit c03518e9063848f4116e61d3a4f1188f7acedbb8. * Scaffolding so `claimManalink` works * Clean up imports * Barebones endpoint to claim mana * Fix rules to only allow link creators to query * Design out claim giftcard * List all claimed transactions * Style in a more awesome card * Fix import * Padding tweak * Fix useManalinkTxns hook * /send -> /link * Tidy up some details * Do a bunch of random manalinks work * Fix up LinksTable to build * Clean up LinksTable an absurd amount * Basic details functionality on manalinks table * Work on manalink claim stuff * Fix up some merge mess * Not-signed-in flow implemented * Better manalinks table * Only show outstanding links in table * Use new `ManalinkTxn` type * /link -> /links * Change manalinks page UI to use nice looking tabs * Many fixes to manalinks UI * Default to 1 use * Tidying up * Some copy changes based on feedback * Add required index Co-authored-by: Marshall Polaris <marshall@pol.rs>
2022-06-23 08:07:52 +00:00
// Note: `resource` = existing doc, `request.resource` = incoming doc
match /manalinks/{slug} {
// Anyone can view any manalink
allow get;
// Only you can create a manalink with your fromId
allow create: if request.auth.uid == request.resource.data.fromId;
// Only you can list and change your own manalinks
allow list, update: if request.auth.uid == resource.data.fromId;
}
Sync firestore rules from firebase console
2022-06-02 17:14:01 +00:00
match /users/{userId}/notifications/{notificationId} {
allow read;
allow update: if resource.data.userId == request.auth.uid
&& request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['isSeen', 'viewTime']);
}
Twitch integration (#815) * twitch account linking; profile page twitch panel; twitch landing page * fix import * twitch logo * save twitch credentials cloud function * use user id instead of bot id, add manifold api endpoint * properly add function to index * Added support for new redirect Twitch auth. * Added clean error handling in case of Twitch link fail. * remove simulator * Removed legacy non-redirect Twitch auth code. Added "add bot to channel" button in user profile and relevant data to user type. * Removed unnecessary imports. * Fixed line endings. * Allow users to modify private user twitchInfo firestore object * Local dev on savetwitchcredentials function Co-authored-by: Phil <phil.bladen@gmail.com> Co-authored-by: Marshall Polaris <marshall@pol.rs>
2022-09-14 08:52:31 +00:00
Members and contracts now subcollections of groups (#847) * Members and contracts now documents * undo loans change? * Handle closed group * Slight refactoring * Don't allow modification of private groups contracts * Add back in numMembers * Update group field names * Update firestore rules * Update firestore rules * Handle updated groups * update start numbers * Lint * Lint
2022-09-03 00:06:48 +00:00
match /{somePath=**}/groupMembers/{memberId} {
allow read;
}
match /{somePath=**}/groupContracts/{contractId} {
allow read;
}
Format firestore /group rules
2022-09-18 21:23:07 +00:00
match /groups/{groupId} {
allow read;
allow update: if (request.auth.uid == resource.data.creatorId || isAdmin())
&& request.resource.data.diff(resource.data)
.affectedKeys()
Overview page on groups (#961) * Frontpage on groups wip * Fix James's nits
2022-10-02 23:02:31 +00:00
.hasOnly(['name', 'about', 'anyoneCanJoin', 'aboutPostId', 'pinnedItems' ]);
Format firestore /group rules
2022-09-18 21:23:07 +00:00
allow delete: if request.auth.uid == resource.data.creatorId;
Members and contracts now subcollections of groups (#847) * Members and contracts now documents * undo loans change? * Handle closed group * Slight refactoring * Don't allow modification of private groups contracts * Add back in numMembers * Update group field names * Update firestore rules * Update firestore rules * Handle updated groups * update start numbers * Lint * Lint
2022-09-03 00:06:48 +00:00
Format firestore /group rules
2022-09-18 21:23:07 +00:00
match /groupContracts/{contractId} {
allow write: if isGroupMember() || request.auth.uid == get(/databases/$(database)/documents/groups/$(groupId)).data.creatorId
}
Members and contracts now subcollections of groups (#847) * Members and contracts now documents * undo loans change? * Handle closed group * Slight refactoring * Don't allow modification of private groups contracts * Add back in numMembers * Update group field names * Update firestore rules * Update firestore rules * Handle updated groups * update start numbers * Lint * Lint
2022-09-03 00:06:48 +00:00
Format firestore /group rules
2022-09-18 21:23:07 +00:00
match /groupMembers/{memberId}{
allow create: if request.auth.uid == get(/databases/$(database)/documents/groups/$(groupId)).data.creatorId || (request.auth.uid == request.resource.data.userId && get(/databases/$(database)/documents/groups/$(groupId)).data.anyoneCanJoin);
allow delete: if request.auth.uid == resource.data.userId;
}
function isGroupMember() {
return exists(/databases/$(database)/documents/groups/$(groupId)/groupMembers/$(request.auth.uid));
}
match /comments/{commentId} {
allow read;
allow create: if request.auth != null && commentMatchesUser(request.auth.uid, request.resource.data) && isGroupMember();
}
}
Dashboards (#791) * Create backend for Dashboards * Rm lastupdatetime for now * Added a create-dashboard and sharable view dashboard page * Various nit fixes. * Renamed Dashboards to Posts * Fix nits
2022-08-29 15:06:17 +00:00
match /posts/{postId} {
allow read;
Let admins add and edit posts to any group (#820) - show add post UI to admins - change firebase permissions
2022-08-31 18:29:49 +00:00
allow update: if isAdmin() || request.auth.uid == resource.data.creatorId
Dashboards (#791) * Create backend for Dashboards * Rm lastupdatetime for now * Added a create-dashboard and sharable view dashboard page * Various nit fixes. * Renamed Dashboards to Posts * Fix nits
2022-08-29 15:06:17 +00:00
&& request.resource.data.diff(resource.data)
.affectedKeys()
.hasOnly(['name', 'content']);
Let admins add and edit posts to any group (#820) - show add post UI to admins - change firebase permissions
2022-08-31 18:29:49 +00:00
allow delete: if isAdmin() || request.auth.uid == resource.data.creatorId;
Adds comments to posts (#844) * Adds comments to posts * Uncoupled CommentInput from Contracts * Fix nits
2022-09-07 22:09:20 +00:00
match /comments/{commentId} {
allow read;
allow create: if request.auth != null && commentMatchesUser(request.auth.uid, request.resource.data) ;
}
Dashboards (#791) * Create backend for Dashboards * Rm lastupdatetime for now * Added a create-dashboard and sharable view dashboard page * Various nit fixes. * Renamed Dashboards to Posts * Fix nits
2022-08-29 15:06:17 +00:00
}
basic firestore rules
2022-01-05 17:42:43 +00:00
}
Disallow users deleting contracts (#99)
2022-04-27 07:34:23 +00:00
}
Reference in New Issue Copy Permalink