open.source/manifold
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
262ce38bc1
manifold/firestore.rules
Marshall Polaris 262ce38bc1 Harden Firestore fold update rule 
This prevents editing fields on the fold that would lead to
strange and disruptive results, for example, changing the
curatorId to another user, or manually changing followCount.
2022-04-27 00:36:37 -07:00

71 lines
2.1 KiB
Plaintext
Raw Blame History

rules_version = '2';
// To deploy: `firebase deploy --only firestore:rules`
service cloud.firestore {
match /databases/{database}/documents {
function isAdmin() {
return request.auth.uid == 'igi2zGXsfxYPgB0DJTXVJVmwCOr2' // Austin
|| request.auth.uid == '5LZ4LgYuySdL1huCWe7bti02ghx2' // James
|| request.auth.uid == 'tlmGNz9kjXc2EteizMORes4qvWl2' // Stephen
|| request.auth.uid == 'IPTOzEqrpkWmEzh6hwvAyY9PqFb2' // Manifold
}
match /users/{userId} {
allow read;
allow update: if resource.data.id == request.auth.uid
&& request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['bio', 'bannerUrl', 'website', 'twitterHandle', 'discordHandle']);
}
match /private-users/{userId} {
allow read: if resource.data.id == request.auth.uid || isAdmin();
}
match /private-users/{userId}/views/{viewId} {
allow create: if userId == request.auth.uid;
}
match /private-users/{userId}/events/{eventId} {
allow create: if userId == request.auth.uid;
}
match /private-users/{userId}/latency/{loadTimeId} {
allow create: if userId == request.auth.uid;
}
match /contracts/{contractId} {
allow read;
allow update: if request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['description', 'closeTime', 'tags', 'lowercaseTags']);
allow update: if isAdmin();
}
match /{somePath=**}/bets/{betId} {
allow read;
}
match /{somePath=**}/comments/{commentId} {
allow read;
allow create: if request.auth != null;
}
match /{somePath=**}/answers/{answerId} {
allow read;
}
match /folds/{foldId} {
allow read;
allow update: if request.auth.uid == resource.data.curatorId
&& request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['name', 'about', 'tags', 'lowercaseTags']);
allow delete: if request.auth.uid == resource.data.curatorId;
}
match /{somePath=**}/followers/{userId} {
allow read;
allow write: if request.auth.uid == userId;
}
}
}
Reference in New Issue View Git Blame Copy Permalink