-
Notifications
You must be signed in to change notification settings - Fork 0
/
database.rules.json
106 lines (91 loc) · 3.69 KB
/
database.rules.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
// yes, this file supports comments :)
/**
* The database rules in a nutshell
*
* 1. some user creates a game -> this user is the creator
* 2. all players can add themself to the players ref and set there name there
* 3. the creator creates a new question
* 4. all players answer the question
* 5. the creator checks the count for all players and writes the result into the database
* 6. the creator "finishes" the question and creates a new one, after this noone can edit the results of the old question
* 7. the creator "finishes" the game and nothing can be edit anymore
*/
{
"rules": {
".read": false,
".write": false,
"games": {
"$gameid": {
// everyone who knows the gameid can view the game
".read": true,
// a new game also needs to set the creator
".validate": "newData.hasChild('creator')",
"questions": {
"$qid": {
// only allow to create new questions by the creator
"question": {
".write": "!data.exists() && auth.uid === data.parent().parent().parent().child('creator').val() && !data.parent().parent().parent().child('finished').exists()"
},
"answer": {
".write": "!data.exists() && auth.uid === data.parent().parent().parent().child('creator').val() && !data.parent().parent().parent().child('finished').exists()"
},
"type": {
".write": "!data.exists() && auth.uid === data.parent().parent().parent().child('creator').val() && !data.parent().parent().parent().child('finished').exists()",
},
"guesses": {
"$uid": {
// allow to write own answeres as long as the question isn't finished
"guess": {
".write": "auth.uid === $uid && !data.exists() && !data.parent().parent().parent().child('finished').exists()",
".validate": "newData.isString()",
},
// the creator is trusted with checking the amount
"amount": {
".write": "auth.uid === data.parent().parent().parent().parent().parent().child('creator').val() && !data.exists()",
".validate": "newData.isNumber()"
},
"ready": {
".write": true
}
}
},
// the question can only be ended by the creator
"finished": {
".write": "!data.exists() && auth.uid == data.parent().parent().child('creator').val()",
".validate": "newData.val() === true"
},
// no other data
"$any": {
".validate": false
}
}
},
// players can set there own name
"players": {
"$uid": {
".write": "auth.uid === $uid && !data.parent().parent().child('finished').exists()",
".validate": "newData.isString()"
}
},
// the creator is always the uid of the player that created the game and can't be changed
"creator": {
".write": "!data.exists()",
".validate": "newData.val() == auth.uid"
},
// the creator can end the game
"finished": {
".write": "auth.uid === data.parent().child('creator').val() && !data.exists()",
".validate": "newData.val() === true"
},
// the creator can set the mode of the game
"mode": {
".write": "auth.uid === data.parent().child('creator').val()"
},
// no other data
"$any": {
".validate": false
}
}
}
}
}