From c2f993ddf25bd116d394a890481c147d9015b295 Mon Sep 17 00:00:00 2001 From: TrueMilli <61841994+TrueMilli@users.noreply.github.com> Date: Thu, 2 Jun 2022 01:30:36 +0200 Subject: [PATCH] check id on update (#393) --- firestore.rules | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/firestore.rules b/firestore.rules index feba35d9..e1e82089 100644 --- a/firestore.rules +++ b/firestore.rules @@ -45,7 +45,8 @@ service cloud.firestore { match /contracts/{contractId} { allow read; allow update: if request.resource.data.diff(resource.data).affectedKeys() - .hasOnly(['description', 'closeTime', 'tags', 'lowercaseTags']); + .hasOnly(['description', 'closeTime', 'tags', 'lowercaseTags']) + && resource.data.id == request.auth.uid; allow update: if isAdmin(); }