From 9b4974a3da4170e9f81c4e8a86e7f014d8f68848 Mon Sep 17 00:00:00 2001 From: Ian Philips Date: Thu, 2 Jun 2022 11:23:25 -0600 Subject: [PATCH] Auth for description/close time, unauth for tags --- firestore.rules | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/firestore.rules b/firestore.rules index f8cc148c..1dc4fd37 100644 --- a/firestore.rules +++ b/firestore.rules @@ -50,7 +50,9 @@ service cloud.firestore { match /contracts/{contractId} { allow read; allow update: if request.resource.data.diff(resource.data).affectedKeys() - .hasOnly(['description', 'closeTime', 'tags', 'lowercaseTags']) + .hasOnly(['tags', 'lowercaseTags']); + allow update: if request.resource.data.diff(resource.data).affectedKeys() + .hasOnly(['description', 'closeTime']) && resource.data.creatorId == request.auth.uid; allow update: if isAdmin(); }