-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfirestore.rules
49 lines (42 loc) · 1.33 KB
/
firestore.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
rules_version = '2';
service cloud.firestore {
function isUnchanged(key) {
return (key in resource.data)
&& (key in request.resource.data)
&& (resource.data[key] == request.resource.data[key]);
}
function isContentOwner(userId) {
return userId == request.auth.uid;
}
function noNewFieldsAdded() {
return request.resource.data.keys() == resource.data.keys();
}
match /databases/{database}/documents {
match /users/{id} {
allow read, create: if isContentOwner(id);
allow update: if isContentOwner(id)
&& noNewFieldsAdded()
&& isUnchanged("email")
&& isUnchanged("id")
&& isUnchanged("lastSignInTime")
&& isUnchanged("registeredDate");
}
match /favorites/{id} {
allow create: if isContentOwner(request.resource.data.userId);
allow read, delete: if isContentOwner(resource.data.userId);
}
match /prevGames/{id} {
allow create: if isContentOwner(request.resource.data.userId);
allow read, delete: if isContentOwner(resource.data.userId);
}
// The admin SDK bypasses this rule
match /metadata/{id} {
allow read: if id == "data";
allow write, update, delete: if false;
}
// The admin SDK bypasses this rule
match /stories/{id} {
allow read: if request.auth != null;
}
}
}