
Commit 712d720

committed
fix: firestore fix some rules
1 parent 8872f33 commit 712d720


3 files changed

+67
-22
lines changed


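--- a/firebase/tests/firestore-mock-data.js
+++ b/firebase/tests/firestore-mock-data.js
@@ -27,7 +27,7 @@ export const aliceAssociation = {
 alice: {
 color: 4294901760,
 displayName: "displayNameRole",
-permissions: ["Full Rights"],
+permissions: [""],
 },
 },
 image: "",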
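Review bot: The `permissions: [""]` value on the `alice` role reads as a leftover placeholder rather than a deliberate fixture, and nothing in the hunk says which it is. This object is the authorization fixture for the association tests, so the intent should be stated next to it, for example `// role deliberately carries no named permission`, or the list should be `[]` if the rules accept an empty list (their validation is not visible here, so that needs confirming). The `aliceAssociation` literal starts and ends outside the hunk.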

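--- a/firebase/tests/firestore-rules.test.js
+++ b/firebase/tests/firestore-rules.test.js
@@ -111,30 +111,75 @@ async function runTests(testEnv) {
 );
 
 /** Read and write operations on associations **/
-/*await assertSucceeds(
+await assertSucceeds(
 setDoc(
 doc(aliceDb, `/associations/${aliceAssociation.uid}`),
 aliceAssociation
 )
 );
-await assertFails(setDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`), { ...aliceAssociation, uid: "other" }));
-await assertSucceeds(getDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`)));
-await assertFails(updateDoc(doc(aliceDb, `/associations/${otherAssociation.uid}`), aliceAssociation));
-await assertFails(setDoc(doc(aliceDb, `/associations/new-association`), { ...aliceAssociation, uid: "new-association" }));
-await assertSucceeds(updateDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`), { ...aliceAssociation, name: "New name" }));
-await assertSucceeds(updateDoc(doc(aliceDb, `/associations/${otherAssociation.uid}`), { ...otherAssociation, followersCount: 1 }));
-await assertSucceeds(updateDoc(doc(aliceDb, `/associations/${otherAssociation.uid}`), { ...otherAssociation, followersCount: 0 }));
-await assertFails(updateDoc(doc(aliceDb, `/associations/${otherAssociation.uid}`), { ...otherAssociation, followersCount: 1000 }));
+await assertFails(
+setDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`), {
+...aliceAssociation,
+uid: "other",
+})
+);
+await assertSucceeds(
+getDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`))
+);
+await assertFails(
+updateDoc(
+doc(aliceDb, `/associations/${otherAssociation.uid}`),
+aliceAssociation
+)
+);
+await assertFails(
+setDoc(doc(aliceDb, `/associations/new-association`), {
+...aliceAssociation,
+uid: "new-association",
+})
+);
+await assertSucceeds(
+updateDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`), {
+...aliceAssociation,
+name: "New name",
+})
+);
+await assertSucceeds(
+updateDoc(doc(aliceDb, `/associations/${otherAssociation.uid}`), {
+...otherAssociation,
+followersCount: 1,
+})
+);
+await assertSucceeds(
+updateDoc(doc(aliceDb, `/associations/${otherAssociation.uid}`), {
+...otherAssociation,
+followersCount: 0,
+})
+);
+await assertFails(
+updateDoc(doc(aliceDb, `/associations/${otherAssociation.uid}`), {
+...otherAssociation,
+followersCount: 1000,
+})
+);
 await assertSucceeds(getDocs(collection(aliceDb, `/associations`)));
-await assertFails(deleteDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`)));
-await assertFails(setDoc(doc(aliceDb, `/associations/new-association`), aliceAssociation));
-await assertFails(setDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`), {
-uid: aliceAssociation.uid
-}));
-await assertFails(setDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`), {
-...aliceAssociation,
-members: "invalid type"
-}));*/
+await assertFails(
+deleteDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`))
+);
+await assertFails(
+setDoc(doc(aliceDb, `/associations/new-association`), aliceAssociation)
+);
+/*await assertFails(
+setDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`), {
+uid: aliceAssociation.uid,
+})
+);
+await assertFails(
+setDoc(doc(aliceDb, `/associations/${aliceAssociation.uid}`), {
+...aliceAssociation,
+members: "invalid type",
+})
+);*/
 
 /** Read and write operations on events **/
 /*await assertSucceeds(setDoc(doc(aliceDb, `/events/${aliceEvent.uid}`), aliceEvent));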
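Review bot: The two checks still inside the `/* … */` at new lines 172–182 are the only ones in this block that send a structurally invalid association (a document holding only `uid`, and `members: "invalid type"`), so the rules' schema validation for `/associations` remains untested after this change. If they are disabled because the rules currently accept those writes, that is a rules defect to track rather than hide. Either re-enable them or put a comment above the block, e.g. `// TODO: re-enable once the association rules reject partial documents and non-map members`. `runTests` begins and ends outside this hunk, so whether equivalent coverage exists elsewhere is not visible here.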

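--- a/firestore.rules
+++ b/firestore.rules
@@ -19,7 +19,7 @@ service cloud.firestore {
 
 match /users/{uid} {
 function isOwner() {
-return isVerified() && request.auth.uid == uid && request.auth.token.email == request.resource.data.email;
+return isVerified() && request.auth.uid == uid;
 }
 function validateJoinedAssociations() {
 // Prevent the user from changing the joinedAssociations field
@@ -74,12 +74,12 @@ service cloud.firestore {
 allow list: if isVerified();
 allow delete: if isOwner();
 allow create: if isOwner() && validate();
-allow update: if (isOwner() || onlySavedEventsUpdated() || onlyFollowedAssociationsUpdated()) && validateJoinedAssociations() && validate();
+allow update: if (onlySavedEventsUpdated() || onlyFollowedAssociationsUpdated()) && validateJoinedAssociations() && validate() && isOwner();
 }
 
 match /associations/{uid} {
 function isMember() {
-return get(/databases/$(database)/documents/associations/$(uid)).data.members.hasAny([request.auth.uid]);
+return get(/databases/$(database)/documents/associations/$(uid)).data.members.keys().hasAny([request.auth.uid]);
 }
 function onlyUpdatedFollowerCount() {
 // Check that the only updated field is the followersCount field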
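Review bot: Removing `request.auth.token.email == request.resource.data.email` from `isOwner()` (new line 22) leaves no visible rule that ties the stored `email` field to the authenticated token, so unless `validate()` (defined outside these hunks) checks it, a verified user can store an arbitrary email in their own `/users/{uid}` document. Taking it out of `isOwner()` is reasonable, since `request.resource` is not available to `allow delete`, but the binding should move to the write rules rather than disappear: `allow create: if isOwner() && request.resource.data.email == request.auth.token.email && validate();`, with the same condition added to `allow update`. In the second hunk, `isMember()` could be written as `request.auth.uid in get(...).data.members`, which tests the map keys directly. Both `match` blocks continue outside the hunks.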
