-
Notifications
You must be signed in to change notification settings - Fork 0
/
firestore.rules
184 lines (136 loc) · 5.14 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
rules_version = "2"
service cloud.firestore {
match /databases/{database}/documents {
// ------------- 01. START OF TOPICS RULES
match /topics/{topicId} {
// every signed user can read a topic
// every signed user need to increment topic's post field when creating a post
allow read, update:
if request.auth != null;
match /posts/{postId} {
// every signed user can read a list of posts from an topic
allow read:
if request.auth != null;
// to create an post document inside an topic:
// - the user must be signed
// - the user must be the author of that post
// - the post's topic must pair with the parent topic
allow create:
if request.auth != null
&& request.resource.data.user.id == request.auth.uid
&& request.resource.data.topic.id == topicId;
}
match /users/{uid} {
// every signed user can read a list of users that write to an topic
allow read:
if request.auth != null;
// to create an user document inside an topic:
// - the user must be signed
// - the user can only create for himself
allow create:
if request.auth != null
&& uid == request.auth.uid;
}
}
// ------------- 01. END OF TOPICS RULES
// ------------- 02. START OF POSTS RULES
match /posts/{postId} {
// to create an post document:
// - the user must be signed
// - the user must be the author of that post
allow create:
if request.auth != null
&& request.resource.data.user.id == request.auth.uid;
// any signed user can read an post
// any signed user can update an post to increment bookmarks, shares, or readings
allow read, update:
if request.auth != null;
match /ratings/{uid} {
// to create, delete or read a rating the user must signed and be the author of that rating
allow create, update, read:
if request.auth != null
&& uid == request.auth.uid;
}
}
// ------------- 02. END OF POSTS RULES
// ------------- 03. START OF USERS RULES
match /users/{uid} {
// any signed user can read an user document
// any signed user can update an user document to increment or decrement subscriptions or subscribers
allow read, update:
if request.auth != null;
match /feed/{postId} {
// to read an post document on a feed:
// - the user must be signed
// - the user must be reading its own feed
allow read:
if request.auth != null
&& uid == request.auth.uid;
}
match /posts/{postId} {
// any signed user can read an post document of some author
allow read:
if request.auth != null;
// to create an post document inside user's posts subcollection:
// - the user must be signed
// - the user must be the author
allow create:
if request.auth != null
&& request.resource.data.user.id == request.auth.uid;
}
match /readings/{postId} {
// to create an post document inside user's readings subcollection:
// - the user must be signed
// - the user can only create for himself
allow create:
if request.auth != null
&& uid == request.auth.uid;
}
match /shares/{postId} {
// to create an post document inside user's shares subcollection:
// - the user must be signed
// - the user can only create for himself
allow create:
if request.auth != null
&& uid == request.auth.uid;
}
match /bookmarks/{postId} {
// to create, delete or read an post document inside user's bookmarks subcollection:
// - the user must be signed
// - the user can only create, delete or read his own bookmarks
allow create, delete, read:
if request.auth != null
&& uid == request.auth.uid;
}
match /subscriptions/{subscriptionId} {
// to create or delete an subscription document:
// - the user must be signed
// - the user can only create or delete for himself
allow create, delete:
if request.auth != null
&& uid == request.auth.uid;
// any signed user can read an user subscriptions
allow read:
if request.auth != null;
}
match /subscribers/{subscriberId} {
// to create or delete an subscriber document:
// - the user must be signed
// - the user can only create or delete if he is the subscriber
allow write:
if request.auth != null
&& subscriberId == request.auth.uid;
// any signed user can read an user subscribers
allow read:
if request.auth != null;
}
}
// ------------- 03. END OF USERS RULES
// ------------- 04. START OF CONFIGURATIONS RULES
match /configurations/default {
allow read:
if request.auth != null
}
// ------------- 04. START OF CONFIGURATIONS RULES
}
}