3b3717d307
* Folds=>groups * Show groups on user profile * Allow group creation from /create * Refactoring to groups * Convert folds to groups * Add new add to group notification * Fix user profile tab bug * Add groups nav and tab for my groups * Remove bad profile pages * remove comments * Add group list dropdown to sidebar * remove unused * group cards ui * Messages=>Comments, v2, groupDetails * Discussion time * Cleaning up some code * Remove follow count * Fix pool scoring for cpmm * Fix imports * Simplify rules, add GroupUser collection * Fix group cards * Refactor * Refactor * Small fixes * Remove string * Add api error detail handling * Clear name field * Componentize * Spacing * Undo userpage memo * Member groups are already in my tab * Remove active contracts reference for now * Remove unused * Refactoring * Allow adding old questions to a group * Rename * Wording * Throw standard v2 APIError * Hide input for non-members, add about under title * Multiple names to & # more * Move comments firestore rules to appropriate subpaths * Group membership, pool=>volume * Cleanup, useEvent * Raise state to parent * Eliminate unused * Cleaning up * Clean code * Revert tags input deletion * Cleaning code * Stylling * Limit members to display * Array cleanup * Add categories back in * Private=>closed * Unused vars
127 lines
4.7 KiB
Plaintext
127 lines
4.7 KiB
Plaintext
rules_version = '2';
|
|
|
|
// To pick the right project: `firebase projects:list`, then `firebase use <project-name>`
|
|
// To deploy: `firebase deploy --only firestore:rules`
|
|
service cloud.firestore {
|
|
match /databases/{database}/documents {
|
|
|
|
function isAdmin() {
|
|
return request.auth.uid == 'igi2zGXsfxYPgB0DJTXVJVmwCOr2' // Austin
|
|
|| request.auth.uid == '5LZ4LgYuySdL1huCWe7bti02ghx2' // James
|
|
|| request.auth.uid == 'tlmGNz9kjXc2EteizMORes4qvWl2' // Stephen
|
|
|| request.auth.uid == 'IPTOzEqrpkWmEzh6hwvAyY9PqFb2' // Manifold
|
|
}
|
|
|
|
match /users/{userId} {
|
|
allow read;
|
|
allow update: if resource.data.id == request.auth.uid
|
|
&& request.resource.data.diff(resource.data).affectedKeys()
|
|
.hasOnly(['bio', 'bannerUrl', 'website', 'twitterHandle', 'discordHandle', 'followedCategories']);
|
|
}
|
|
|
|
match /users/{userId}/follows/{followUserId} {
|
|
allow read;
|
|
allow write: if request.auth.uid == userId;
|
|
}
|
|
|
|
match /{somePath=**}/follows/{followUserId} {
|
|
allow read;
|
|
}
|
|
|
|
match /private-users/{userId} {
|
|
allow read: if resource.data.id == request.auth.uid || isAdmin();
|
|
allow update: if (resource.data.id == request.auth.uid || isAdmin())
|
|
&& request.resource.data.diff(resource.data).affectedKeys()
|
|
.hasOnly(['apiKey', 'unsubscribedFromResolutionEmails', 'unsubscribedFromCommentEmails', 'unsubscribedFromAnswerEmails', 'notificationPreferences' ]);
|
|
}
|
|
|
|
match /private-users/{userId}/views/{viewId} {
|
|
allow create: if userId == request.auth.uid;
|
|
}
|
|
|
|
match /private-users/{userId}/events/{eventId} {
|
|
allow create: if userId == request.auth.uid;
|
|
}
|
|
|
|
match /private-users/{userId}/latency/{loadTimeId} {
|
|
allow create: if userId == request.auth.uid;
|
|
}
|
|
|
|
match /private-users/{userId}/cache/{docId} {
|
|
allow read: if userId == request.auth.uid || isAdmin();
|
|
}
|
|
|
|
match /contracts/{contractId} {
|
|
allow read;
|
|
allow update: if request.resource.data.diff(resource.data).affectedKeys()
|
|
.hasOnly(['tags', 'lowercaseTags']);
|
|
allow update: if request.resource.data.diff(resource.data).affectedKeys()
|
|
.hasOnly(['description', 'closeTime'])
|
|
&& resource.data.creatorId == request.auth.uid;
|
|
allow update: if isAdmin();
|
|
match /comments/{commentId} {
|
|
allow create: if request.auth != null && commentMatchesUser(request.auth.uid, request.resource.data);
|
|
}
|
|
}
|
|
|
|
match /{somePath=**}/bets/{betId} {
|
|
allow read;
|
|
}
|
|
|
|
match /{somePath=**}/liquidity/{liquidityId} {
|
|
allow read;
|
|
}
|
|
|
|
function commentMatchesUser(userId, comment) {
|
|
// it's a bad look if someone can impersonate other ids/names/avatars so check everything
|
|
let user = get(/databases/$(database)/documents/users/$(userId));
|
|
return comment.userId == userId
|
|
&& comment.userName == user.data.name
|
|
&& comment.userUsername == user.data.username
|
|
&& comment.userAvatarUrl == user.data.avatarUrl;
|
|
}
|
|
|
|
match /{somePath=**}/comments/{commentId} {
|
|
allow read;
|
|
}
|
|
|
|
match /{somePath=**}/answers/{answerId} {
|
|
allow read;
|
|
}
|
|
|
|
|
|
match /{somePath=**}/followers/{userId} {
|
|
allow read;
|
|
allow create, update: if request.auth.uid == userId && request.resource.data.userId == userId;
|
|
allow delete: if request.auth.uid == userId;
|
|
}
|
|
|
|
match /txns/{txnId} {
|
|
allow read;
|
|
}
|
|
|
|
match /users/{userId}/notifications/{notificationId} {
|
|
allow read;
|
|
allow update: if resource.data.userId == request.auth.uid
|
|
&& request.resource.data.diff(resource.data).affectedKeys()
|
|
.hasOnly(['isSeen', 'viewTime']);
|
|
}
|
|
|
|
match /groups/{groupId} {
|
|
allow read;
|
|
allow update: if request.auth.uid in resource.data.memberIds
|
|
&& request.resource.data.diff(resource.data).affectedKeys()
|
|
.hasOnly(['name', 'about', 'contractIds', 'memberIds', 'anyoneCanJoin' ]);
|
|
allow delete: if request.auth.uid == resource.data.creatorId;
|
|
|
|
function isMember() {
|
|
return request.auth.uid in get(/databases/$(database)/documents/groups/$(groupId)).data.memberIds;
|
|
}
|
|
|
|
match /comments/{commentId} {
|
|
allow create: if request.auth != null && commentMatchesUser(request.auth.uid, request.resource.data) && isMember();
|
|
}
|
|
}
|
|
}
|
|
}
|