open.source/manifold
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update firstore rules

Browse Source
This commit is contained in:
Ian Philips 2022-06-22 13:17:56 -05:00
parent 495cbef995
commit 4902321cd3
1 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
firestore.rules
View File

@ -107,20 +107,25 @@ service cloud.firestore {
.hasOnly(['isSeen', 'viewTime']); .hasOnly(['isSeen', 'viewTime']);
} }
match /groups/{groupId} { match /groups/{groupId} {
allow read; allow read;
allow update: if request.auth.uid in resource.data.memberIds allow update: if request.auth.uid == resource.data.creatorId
&& request.resource.data.diff(resource.data).affectedKeys() && request.resource.data.diff(resource.data)
.hasOnly(['name', 'about', 'contractIds', 'memberIds', 'anyoneCanJoin' ]); .affectedKeys()
allow delete: if request.auth.uid == resource.data.creatorId; .hasOnly(['name', 'about', 'contractIds', 'memberIds', 'anyoneCanJoin' ]);
allow update: if (request.auth.uid in resource.data.memberIds || resource.data.anyoneCanJoin)
&& request.resource.data.diff(resource.data)
.affectedKeys()
.hasOnly([ 'contractIds', 'memberIds' ]);
allow delete: if request.auth.uid == resource.data.creatorId;
function isMember() { function isMember() {
return request.auth.uid in get(/databases/$(database)/documents/groups/$(groupId)).data.memberIds; return request.auth.uid in get(/databases/$(database)/documents/groups/$(groupId)).data.memberIds;
} }
match /comments/{commentId} {
match /comments/{commentId} { allow read;
allow create: if request.auth != null && commentMatchesUser(request.auth.uid, request.resource.data) && isMember(); allow create: if request.auth != null && commentMatchesUser(request.auth.uid, request.resource.data) && isMember();
} }
} }
} }
} }